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Including vendors on IT teams 


can deepen your skills bench and 


bolster project expertise, but at 
the risk of exposing far too much 
inside information. Vendor part- 
ners who hang around the office 
and drop in on meetings can gain 
insights into plans for new proj- 
ects and deadlines, which can 
work against you when negotiat- 
ing future contracts. Here’s how 
to get the most out of trusted al- 
lies while foiling corporate spies. 
STORY BEGINS ON PAGE 45. 
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IT Still lffy on Web Services 


Users experimenting, 
see potential for help 
with app integration 


BY CAROL SLIWA 
Web services clearly will play 
a role in the application inte- 
gration plans of many IT 
shops. But how big a role, and 
when that will happen, is any- 
body’s guess. 

Several IT managers attend- 
ing Gartner Inc.’s recent Ap- 
plication Integration and Web 


| Services conference in Chica- 
go said they have yet to deter- 
mine in what ways, if any, they 
| will use Web services to ad- 
dress their integration needs. 
“T think it will play a large 
part over time. We’re looking 
at using it in isolated cases to 
get some experience,” said Bill 
| Genn, a site architect at Lon- 
| don Life Insurance Co. in Lon- 
| don, Ontario. 
Genn said one such effort 
| might involve aggregating in- 


Web Services, page 57 
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Datek IT Reenter 
Challenges Ameritrade 


Merged online brokerage begins massive task 
of melding low-end, high-end architectures 





BY LUCAS MEARIAN 
Two months after Ameritrade 
Holding Corp. completed its 
$1.3 billion acquisition of 
Datek Online Holdings Corp., 
IT managers at the merged 
online brokerage are rolling 
up their sleeves to begin inte- 
grating two distinctly differ- 
ent technology architectures. 


Before the effort is finished, | 


Ameritrade IT executives 
said last week, three data cen- 
ters must be consolidated into 
two, a pair of online trading 
Web sites needs to become 
one, and a single IT infra- 
structure has to be set up. 
That won’t happen over- 
night. For example, Cecilia 
Murphy, vice president of 


technology engineering ser- 


| vices at Omaha-based Ameri- 


trade, said the company’s plan 


| is to have a unified systems ar- 


chitecture in place by next 
summer. Ameritrade hasn't 
decided yet what server tech- 


nologies will be used, she said. 


Datek’s IT backbone com- 
prises mostly low-end Win- 
Ameritrade Is Dumping: 
& Paper checks and wire transfers 
in favor of the financial industry's 


Automated Clearing House systom 


® its Omaha data center, leaving 
IT facilities in Kansas City, Mo., 
and Secaucus, N.J. 


@ iClearing LLC, a Datek-affiliated 


company that handled trade- 


Citrix to Simplify Licensing 


Vendor vows to make 
both purchase- and 
usage-tre icking easier 


BY CAROL SLIWA 

ORLAND 

Citrix Systems Inc. knows its 
licensing policy is too compli- 
cated, and last week it pledged | 
to do something about it. 

CEO Mark Templeton told 
customers at the Citrix iForum 
conference here that changes 
are in the works to make it 
easier to do business with the 
Fort Lauderdale, Fla.-based 
software maker. 

In an interview with Com- 
puterworld, Templeton ex- 


plained that his company is 
working on a technology- 
based approach to help cus- 
tomers count and manage li- 
cense connections through a 
service that either Citrix or 
the customer can run. 
Citrix’s core product, 
MetaFrame XP, delivers ap- 
plications to end users from 
a central server. Customers 


buy license connections 


through resellers based on 
the number of concurrent 


Citrix Systems announced new 
Pee a wee Meta eltlse 
® QuickLink 34224 
SR ACC LAA a emer 


dows NT servers running 
proprietary middleware that 
passes message traffic back 
and forth between its Web 
site and trading system. The 
company had also installed 
Linux-based IBM servers built 
around Intel microprocessors. 
On the other hand, Ameri- 
trade uses San Jose-based 
BEA Systems Inc.’s Tuxedo 
transaction middleware and 
has a technology infrastruc- 
Ameritrade, page 16 


- Ameritrade Is Keeping: 


@ Web site functionality from both 
online brokerages for use in a 
merged site 

§ Datek’s Streamer product 

for streaming news, charts and 


. sales information 


@ The Datek Direct order-router 
system, which lets customers 
track their trades 


users accessing the server. 

Licensing services will be 
built into Citrix’s software, al- 
lowing customers and the 
vendor “to count usage in 
about five different ways,” 
Templeton said. That will 
give both parties “the flexibil- 
ity to have licensing programs 
built around different ways of 
counting,” he added. 

He said he expects to pre- 
sent the new options to cus- 
tomers in about a year. 

For many of them, that 
promises welcome relief. Ray- 


| mond Leitz, director of tech- 
| nical services at AutoNation 
| Inc. in Fort Lauderdale, said 


Citrix’s current licensing poli- 

cies “do not make sense” for 

his company. For starters, he 
Citrix, page 57 
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Porsche has a 420-hp, water-cooled, 


Presenting Xserve, one of the fastest 1U servers on Earth. Featuring the 

exceptional performance of dual 1 GHz PowerPC G4 processors, each with 
2MB of Double Data Rate (DDR) L3 cache. Best-in-class storage, with up to 480GB on four hot-plug ATA/100 drives. And best- 
in-class networking capabilities with standard dual Gigabit Ethernet ports. Xserve also comes with UNIX-based Mac OS X 
Server software (with an unlimited client license), making it ideal for providing file and print services, mail and web services, 
streaming digital media and for running database applications. Xserve is also perfect for computational clustering and 1/0 


intensive applications like digital video, high-resolution digital imagery and managing large scientific datasets. And, thanks 
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The new Apple Xserve. 


twin-turbo power plant. We have this. 


to a convenient visual feedback system, you can monitor the performance of an entire rack with just a glance. Or, keep an 
eye on Xserve from virtually anywhere with Apple's next-generation remote management tools. 

Plus, you can swap parts and replace components at will without tools and get instant help with 

4-hour onsite response and 24/7 technical support with AppleCare* Xserve also provides out-of- 

the-box support for Mac, Windows, UNIX and Linux clients, three PCI slots (two of which are 

64-bit, 66MHz), software RAID mirroring and striping, a VGA graphics card, two USB ports and a 


host of other features that are far too numerous to list here. Apple Xserve. Take a look under the hood at apple.com/xserve. 


apply. For terms and conditions associated with the AppleCare Premium Service and Support Plan, visit www.apple.com/supporl/products 





Does your software let you manage and protect your wireless enterprise no matter 
ere it goes? 


Managing your enterprise was hard enough when you knew where it was. Now, thanks to the boom in wireless devices, mission-critical 
data and systems can walk in and out the door at will. That’s why it’s vital to have software that can keep track of your wireless enterprise 
no matter where it goes. Our infrastructure management software is considered the gold standard, making it one of the best choices for 
securing and managing your global environment. And it works across multiple platforms, so it’s compatible with what you have today 


and what you add tomorrow. Sure, your devices may still get lost. But your information won't ca.com/wireless/enterprise 
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Finding the T in TCO 


a 


ownership for desktop systems is becoming trickier, as 
workers’ desktops now comprise far more than PCs. IT 
departments must figure in the costs associated with lap- 
tops, PDAs, cell phones and wireless service connections. 
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NEWS 


6 Procter & Gamble is seeking 
smaller outsourcing deals af- 
ter ending negotiations with 
EDS on a large contract. 


Dell will introduce at Comdex 
a device aimed at HP’s iPaq 
product line. 


Microsoft users mull the im- 
pact as the antitrust case may 
have reached its end. 


Microsoft announces its 
Tablet PC operating system, 
which lets users input data 
with a digital pen. 


Verizon plans to offer IP- 
based network services in 
markets across the U.S. 


Although Republicans have 
gained control of Congress, IT 
observers say little is likely to 
get done on privacy without 
Democrats’ backing. 


Loews is deploying a client- 
less VPN that lets remote 
users securely access e-mail 
and the corporate intranet 
from any PC. 


Oracle will announce a man- 
agement tool upgrade de- 
signed to support the moni- 
toring of complete database 
and middleware installations. 


SAP’s xApps technology for 
linking multiple systems will 
take center stage at the com- 
pany’s developer conference. 


AOL enters the corporate in- 
stant messaging market, fol- 
lowing a similar announce- 
ment by Yahoo last month. 


In the Management Section: Calculating the total cost of 
| 


: 32 Spam Wars. Companies are 
enlisting technology to block 
nuisance e-mail, while spam- 
mers try to subvert it with 
new techniques to get their 
messages through. 


34 The Balancing Act. Tuning an 
intrusion-detection system is 
still a tricky affair that re- 
quires the right mix of tools, 
processes — and experience. 


36 Future Watch: Good Morning, 
Dave . . . The Defense De- 
partment is working on a self- 
aware computer. Will it be a 
dream machine or a science 
fiction nightmare? 


40 Security Journal: Stalking 
Elusive Access Points. Math- 
ias Thurman takes readers’ 
advice and creates a direc- 
tional antenna with a tennis- 
ball can to track down rogue 
WLAN access points. 


MANAGEMENT 


45 Know Your Partner. Includ- 
ing vendors on IT teams bol- 
sters project expertise, but at 
the risk of exposing too much 
inside information. Here’s 
how to get the most out of 
trusted suppliers while foiling 
corporate spies. 


52 Q&A: John Hagel III, co- 
author of the new book Out of 
the Box: Strategies for Achiev- 
ing Profits Today & Growth 
Tomorrow Through Web Ser- 
vices, offers tips to IT man- 
agers experimenting with the 
nascent set of technologies. 


WWO2 - 





Web Identity: Weighing the Alternatives 


In the Technology Section: Microsoft’s Passport and the 
Liberty Alliance specify incompatible authentication 
technologies today. Here’s how they work — and how 
they might interoperate in the future. Page 27 





OPINION 


8 On the Mark: Mark Hall en- 
counters a debate between 
IPsec and SSL security ven- 
dors and learns that Web ser- 
vices built with .Net are very 
vulnerable to reverse- 
engineering. 


24 Patricia Keefe warns C1lOs 
that the Sarbanes-Oxley Act 
that hopes to keep CEOs and 
CFOs honest may haunt IT 
executives, too. 


24 Pimm Fox is wary of so-called 
collaboration tools that re- 
quire lots of administrative 
help and leave management 
out of the picture. 


25 Thornton May wonders why 
portfolio management skills 
have withered in IT, because 
they could be a big help now. 


42 Nicholas Petreley claims PHP 
and Python are beginning to 
demonstrate their worth. 


52 Bart Perkins says anyone can 
cut supplier costs in a buyer’s 
market. But don’t squeeze too 
hard, he warns, because it’s 
bound to leave your suppliers 
angry and waiting for revenge. 


58 Frank Hayes says the Micro- 
soft antitrust ruling was no 
surprise to those who know 
about courtroom settlements 
and IT history. 
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Meet the Security Adviser 
KNOWLEDGE CENTER: As consultant Peter H. 
Gregory launches a new column in the Secu- 
rity Knowledge Center, he discusses the 
need for IT managers to maintain security 
awareness on the job at all times. 


© QuickLink 34212 
What’s Your Fault Feedback 
Ratio? 


KNOWLEDGE CENTER: Columnist Johanna 
Rothman says you should start tracking how 
many of your bug fixes are successful and 


how many are bad. € QuickLink 34155 


Siorage Editor’s Choice WebLog 
KNOWLEDGE CENTER: A collection of what 
you need to know from around the Web, 
compiled by editor at large Marian Prokop 
and online managing editor Sharon Machlis. 


@ QuickLink a2690 
Operating Systems Forum 


FORUMS: The Computerworld forums had 
more than 45,000 visits last week. Come see 


what the attraction was. @ QuickLink a2680 


Get Ready for the Rebound 


ONLINE NEWS: Companies can begin posi- 
tioning themselves now for an economic re- 
bound by focusing on technologies and 
strategies that will boost the top line, namely 
Web services, “right-channeling,” shareable 
systems and adaptive supply networks, say 
Forrester Research analysts. 
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AT DEADLINE 


Gates Details Visual 
C++ Upgrade Plans 


Bill Gates, Microsoft Corp.’s 
chairman and chief software ar- 
chitect, said the company is de- 
veloping a Visual C++ .Net up- 
grade that will be “98% confor- 
mant” to the International Organi- 
zation for Standardization’s C++ 
standard. Speaking at an object- 
oriented programming conference 


in Seattle, Gates also demonstrat- | 


ed a tool, code-named Scout, that 
Microsoft is using internally to 
uncover software vulnerabilities. 


DHL Opens Data 


Center in Arizona 


DHL Worldwide Express Inc. said 
it planned to begin using a data 
center in Scottsdale, Ariz., over 
the weekend, completing a trio of 
IT facilities in the U.S., Europe 
and Asia. San Francisco-based 
DHL plans to invest $250 million 
over the next five years to build 
and operate the new data center 
[QuickLink 27679]. 


Symantec Fixes 
Software Flaw 


Symantec Corp. issued a patch 
designed to fix a memory-alloca- 
tion flaw in its Norton Internet Se- 
curity 2003 software suite. The 
flaw could cause e-mail messages 
to be deleted before they reach 
end-user in-boxes. The problem 
involves the antispam portion of 
the software, according to Cuper- 
tino, Calif.-based Symantec 
[QuickLink 34291]. 


Sun Still Mulling 
Software Pricing 


Jonathan Schwartz, executive 
vice president of Sun Microsys- 
tems Inc.’s software unit, said the 
company still hasn’t decided how 
to charge users who want to buy 
more functional versions of the 
middleware products it plans to 
bundle with Solaris. Sun will in- 
clude limited-functionality ver- 
sions of its Open Net Environment 
products in the next release of the 
operating system, he said. 
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P&G Kills Single-Vendor 
Negotiations With EDS 


Consumer goods company will instead 
seek multiple smaller outsourcing deals 





BY TODD R. WEISS 
ROCTER & GAMBLE 
Co.’s quest for a multi- 
billion-dollar IT and 
business operations 
outsourcing deal took yet an- 
other twist last week, as the 


| consumer products maker dis- 


closed that it’s giving up on 
trying to reach an agreement 
with a single vendor. 

P&G had been negotiating a 
contract with Electronic Data 
Systems Corp. that was ex- 
pected to be worth as much as 
$10 billion over 10 years. But 
P&G spokeswoman Linda UI- 
rey said the Cincinnati-based 


| company now plans to pursue 


a series of smaller deals with 
multiple outsourcing vendors. 
“We’re going to continue to 


| look at outsourcing opportuni- 


ties,” Ulrey said. “What we've 
done is modify our approach.” 


BY BOB BREWIN 
Dell Computer Corp. plans to 
introduce a low-priced Pocket 
PC handheld computer at next 
week’s Comdex/Fall 2002 
trade show in Las Vegas as 
part of a bid to extend its 
reach into the corpo- 
rate IT market. 

Analysts said Dell’s 


| entry into the hand- 


held market is also de- 
signed to put added pressure 
on Hewlett-Packard Co. HP 
has been selling devices based 
on Microsoft Corp.’s Pocket 
PC operating system since 
early 2000 and currently of- 
fers iPaq devices developed by 
Compaq Computer Corp., 
which HP acquired in May. 
Dell offered a teaser intro- 





| 
| 
| 
| 


When asked if the weak 
third-quarter financial results 
EDS reported last month influ- 
enced P&G’s decision, Ulrey 
acknowledged that a warning 
issued by EDS “caused us to 
pause and look at the whole 
market. The dynamics there 
are changing very rapidly.” 


Pieces of the Pie 

P&G had already slowed down 
the pace of its talks with EDS 
after the two companies ini- 
tially indicated they were just | 
days away from finalizing a 

deal [QuickLink 33410]. De- | 


| spite last week’s development, 


EDS will still be invited to 
pursue pieces of the outsourc- 
ing pie at P&G, Ulrey said. 
Ken Smalling, a spokesman 
for Plano, Texas-based EDS, 
said company officials under- 
stand and accept P&G’s new 


Dell Targets HP With 
‘Pocket PC Handheld 


duction to its Axim X5 hand- 
held on its Web site last week. 
The vendor declined to dis- 
close pricing, except to say 
that the device would be sold 
at “unheard-of low prices.” 
Sam Bhavnani, an analyst at 
ARS Inc. in La Jolla, 
Calif., predicted that 
Dell will sell a low-end 
version of the Axim X5 
with Intel Corp.’s 300- 
MHz StrongArm processor 
and 32MB of memory for $199. 
A higher-end model with a 
400-MHz processor and 64MB 
of memory is expected to be 
priced at $299, he added. 
Bhavnani said Dell has con- 
tracted with Wistron Corp., a 
subsidiary of Acer Inc. in Tai- 
pei, Taiwan, to manufacture 


| 





| handheld of its 


direction. “We're pleased that 
we're considered by them to 
be a leading candidate to sup- 
port their needs,” he added. 
Andrew Efstathiou, an ana- 
lyst at The Yankee Group in 
Boston, said this kind of turn- 
about isn’t uncommon. Com- 
panies that want to outsource 
some of their business opera- 


We’re 

going to 
continue to look 
at outsourcing 
opportunities. 
What we’ve 


| done is modify 


our approach. 


| LINDA ULREY, SPOKESWOMAN 


PROCTOR & GAMBLE 


| the Axim X5. Wistron already 


makes the Cassiopeia line of 
Pocket PCs for Tokyo-based 
Casio Computer Co. Dell didn’t 
return calls seeking comment. 

The prices Dell is expected 
to charge are well below the 
$500 to $700 price range of 
HP’s iPaq line. HP plans to in- 
troduce new iPaq models at 
Comdex, but a spokesman de- 
clined to comment on the 
pricing plan for the devices. 

Alex Slawsby, an analyst at 
IDC in Framingham, Mass., 
said Dell took notice of the 
success HP has 


| had with iPaq 


among corporate 
users and decided 
that it needed a 


own to round out 
its hardware line. 
But the low 
price of the Axim 
X5 won’t matter 
for many corpo- 








Handheld PCs 


Palin Zire: $99 

Dell Axim: $199-$299* 
HP iPaq $500-$700 
Paim Tungeten T: $499 


*Based on analysts’ predictions 
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tions along with IT “have been 
very aggressive” in negotia- 
tions with vendors, he said. 

In this case, P&G has been 
looking to sell its back-office 
business operations to an out- 
sourcing vendor, which would 
likely have required a large up- 
front outlay of money on the 
part of EDS or another vendor. 

P&G has “had difficult ne- 
gotiations with everybody” 
because of the required cash 
infusion, Efstathiou said. 
“Now they want to break it 
up into smaller pieces so it’s 
more easily digestible.” 

EDS has had two rounds of 
negotiations with P&G in re- 
cent months. It was one of the 
original finalists for the out- 
sourcing deal, along with Dal- 
las-based Affiliated Computer 
Services Inc. (ACS). But EDS 
withdrew its proposal in July, 


| citing concerns over the ac- 


quisition price P&G was seek- 
ing for its operations. 

That left ACS as the only 
apparent contender. However, 
EDS returned to the table in 
September, and ACS took it- 
self out of the running. Lesley 


| Pool, chief marketing officer 


at ACS, last week declined to 
comment on P&G’s decision 
to seek multiple deals. D 


rate IT buyers, Slawsby said. 
He predicted that Dell will 
“throw in the handhelds as a 
deal closer” on sales involving 
its servers and PCs. 

Bhavnani said Dell is at- 
tempting to commoditize yet 
another slice of the computer 
market. But, he added, “there 
is a lot of room for innovation 
in this market,” pointing to the 
new Tungsten devices that 


| Milpitas, Calif.-based Palm 


Inc. announced last month 
(QuickLink 33932]. 

Palm, which uses its own op- 
erating system, 
also sells the $99 
entry-level Zire 
device. For that 
reason, Bhavnani 
said he doesn’t 
expect Dell’s en- 
trance to put as 
much pressure on 
Palm as it does on 
other Pocket PC 
vendors. D 
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Users Weigh Impact 
Of Microsoft Case 


Many IT managers 
uncertain decision 
will bring changes 


BY PATRICK THIBODEAU 
WASHINGTON 

Throughout the Microsoft 
Corp. antitrust case, users 
have been divided about the 
wisdom of the government’s 
actions. Now, as the case pos- 
sibly nears its end, many are 
mulling its impact. 

“I don’t see this having a sig- 
nificant impact on Microsoft 
or making the world more 
competitive,” said Donald 
Stroud, information systems 
director at Plain Dealer Pub- 
lishing Co. in Cleveland. “The 


world is going to be more 
competitive when somebody 

has better ideas that Microsoft 
| can’t take and run with.” 

But Andre Mendes, chief 
technology integration officer 
at the Public Broadcasting 
Service in Alexandria, Va., said 
he believes competition is 
| thriving, with or without the 


that innovation has not been 
stifled,” said Mendes, who 
pointed to success stories — 
| Linux, in particular. “By and 
| large, worthwhile and worthy 
| software packages are making 
inroads.” 

After three months of hear- 
ings that ended in June, U.S. 





Microsoft Launches Tablet 


Hardware vendors ready pen-based 


devices; early adopters satisfied 


BY LINDA ROSENCRANCE 
After months of prelaunch 
publicity, Microsoft Corp. last 
week unveiled its Windows 
XP Tablet PC Edition operat- 
ing system, which lets note- 
book users work with a digital 
pen instead of a keyboard. 

Nearly two dozen hardware 
vendors, including Acer Inc., 
Hewlett-Packard Co., NEC 
Corp. and Toshiba America In- 
formation Systems Inc., are set 
to release Tablet PC devices 
starting as early as this week. 

Microsoft officials claimed 
that the advent of the Tablet 
PC represents an evolution of 
the corporate notebook PC, 
and some early users said they 
think the technology can live 
up to the hype vendors are 
generating. 

David Methot, contracts 
manager at Bechtel National 
Inc., said the Richland, Wash.- 
based engineering firm has 
been using Taipei, Taiwan- 
based Acer’s TravelMate 100 
to reduce the amount of time 


| it takes to finalize contracts 
| with customers. 
|  Methot said that even 
| though Bechtel has a Web- 
| based contract management 
system, contract closeout ad- 
ministrators often ran into de- 
lays because they had to track 
him down to get his signature 
on hard-copy documents. But 
with the Tablet PC, the admin- 
istrators can save hours or 
even days by e-mailing Methot 
the documents, which he signs 
electronically and then sends 
back to them. 

Workers are also using the 
devices to take handwritten 
|; notes during meetings, saving 
| the time it would take them to 
transcribe notes written on pa- 
per into their PCs, he said. 

Tablet PC users can write 
| directly on a specialized LCD 
screen with a digital pen or, in 
some cases, input information 
using a traditional keyboard 
and mouse. Microsoft also 
| included a program called 
Microsoft Windows Journal, 





| lawsuit. “I think there is plenty | 
of evidence in the marketplace | 
|} would be difficult. Appeals 

| courts tend to give a lot of def- 





District Court Judge Colleen 
Kollar-Kotelly on Nov. 1 reject- 
ed a sweeping set of remedies 
sought by nine states that had 


| refused to sign a Bush admin- 
| istration settlement. 


The case isn’t officially 
closed, and if the nonsettling 
states decide to appeal, it 
could last another year at 
least. The state attorneys gen- 
eral were occupied with re- 
election last week, and no de- 


| cision has been made on an 


appeal, said Bob Brammer, a 
spokesman for Attorney Gen- 
eral Tom Miller of Iowa, one 
of the nonsettling states. 
Legal experts say an appeal 


erence to trial judges, said 
Robert Lande, a University of 
Baltimore law professor, who 


said the decision is “close to 
| appeal-proof.” 


But that’s not to say that the 
nonsettling states don’t have 


PC Software 


‘Tablet PC 


= The software includes the full 
capabilities of Windows XP 
Professional Edition. 

= Users can write directly on an 
LCD screen using a digital pen. 
® Handwritten notes can be 
saved in longhand or converted 
into ASCIl text. 

= Supported languages include 
English, German, Japanese, 
Korean and Chinese (both tra- 
ditional and simplified). 


which allows handwritten 


| notes to be stored as graphics 


called digital ink. In addition, 
the software can convert hand- 


| written notes into ASCII text. 


The Tablet PC devices, 
which are expected to cost 
about $2,000, are designed for 


| users who aren’t typically teth- 


ered to their desks, such as in- 
surance adjusters and field 


| sales and service workers. 


The underlying use of Win- 


| dows XP paves the way for the 
| new technology to fit into cor- 





What’s Next? 


APPEAL? The nine nonsettling 
states could appeal, but legal 
experts say the chances for a 
successful appeal are slim. 


EUROPE: This is Microsoft's 
most significant threat; antitrust 
authorities are due to act next 
month. 


PRIVATE CASES: Preliminary 
injunction would force Windows 
Java Virtual Machine distribution. 
Otherwise, cases may take years. 


grounds. The states could ar- 
gue that in limiting her reme- 
dies, Kollar-Kotelly misread 
last year’s Court of Appeals 
decision that upheld a lower 
court’s finding that Microsoft 
had illegally maintained its 
operating system monopoly. 
“She has let them off the 
hook from some of the more 
substantial liability findings, 


| porate IT infrastructures and 
| makes it possible for develop- 
| ers to use existing tools to 


build Tablet PC applications, 
said Kelly Berschauer, a prod- 


} uct manager at Microsoft. 


Henry King, CIO at Skid- 
more, Owings & Merrill LLP, 


| said building designers at the 
| New York-based architectural 
| firm use design-creation and 

| communication software de- 

| veloped by Autodesk Inc. on 


HP’s Compaq TC 1000 tablet 


| device. 


King said the combination 


| of the Tablet PC and San 
| Rafael, Calif.-based Autodesk’s 
| application lets users sketch 


out design concepts, mark up 


| drawings and instantly send 


changes to the entire design 

team from remote locations. 
Selling users on the Tablet 

PC technology won’t be a 


| short-term slam-dunk for Mi- 

| crosoft and its hardware part- 
| ners, said Michael Gartenberg, 
| an analyst at Jupiter Media 


Metrix Inc. in New York and a 
Computerworld columnist. 
But, he added, “five years from 
now, it’s likely that tablet func- 
tionality will become part of 
mainstream computing, and 
we won't view it as anything 
special or different.” D 
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and I think that is something 
that will raise eyebrows,” said 
Donald Falk, an antitrust at- 
torney at Mayer, Brown, Rowe 


| & Maw in Palo Alto, Calif. 


Some observers said the 
lawsuit may have changed Mi- 
crosoft for the better. “There 
appears to be an effort to clean 


| up their practices, as well as 
their image,” said Chris Apgar, 


head of security at Providence 
Health Plan in Beaverton, Ore. 
Whether that really is true or 
is a new coat of whitewash re- 
mains to be seen.” 

If users are uncertain about 
the antitrust case’s impact, Mi- 


| crosoft’s competitors — de- 
spite the ongoing private anti- 


trust cases — seem resigned. 
‘Ultimately, it’s now case 


| closed, and it’s back to creat- 


ing great products and letting 
the customers decide,” said 
Matthew Szulik, CEO and 
president of Linux vendor Red 
Hat Inc. in Raleigh, N.C. 
Makers of products that Mi- 
crosoft wants to compete with 


| are wary. Microsoft has made 
| an aggressive push into the 


| development of mobile phone 
| software and operating sys- 


tems over the past three years, 


| but so far major players don’t 
| feel threatened. 


William Plummer, vice 


| president of strategic planning 


and external relations at Nokia 
Inc. in Irving, Texas, said he 
expects antitrust authorities 


| will “remain vigilant” to en- 


sure that any one company 


| doesn’t try to “manipulate” the 


mobile phone market. 
Jon C. Dell’Antonia, infor- 
mation systems director at 


clothing maker OshKosh 


B’Gosh Inc. in Osh Kosh, Wis., 


| said only time will tell what 
| changes the lawsuit will bring. 


But, he said, “what did [Micro- 


| soft] really lose? What did 


they get taken away from them 


| that’s really significant? The 


answer I come up with is, 
‘Nothing’.” D 


Bob Brewin and Todd R. Weiss 


contributed to this report. 


Microsoft still faces legal actions brought by 
competitors and the European Commission: 


| Qe QuickLink 34231 


www.computerworld.com 
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IBM Taps Leader of 
‘On-Demand’ Push 


IBM announced in an internal 
memo that it’s naming Linda 
Sanford, who has been heading 
ihe company’s storage systems 
group, to take charge of the “on- 
demand” computing initiative 
outlined two weeks ago by CEO 
Samuel J. Palmisano [QuickLink 
34091]. IBM said the storage 
unit will be merged with its serv- 
er group effective Jan. 1. 


WorldCom, SEC in 
Settlement Talks 


WorldCom Inc. said that it’s dis- 
cussing a settlement of an inves- 
tigation into its accounting irreg- 
ularities with the U.S. Securities 
and Exchange Commission. The 
company added that “based on 
very preliminary reviews,” it now 
expects to lower previous profits 
by more than $9 billion. That’s 
up from an earlier estimate of a 
decrease of $7.2 billion, which in 
turn was roughly double what 
WorldCom initially predicted. 


Cisco Up in Q1, But 
Lowers Its Forecast 


Cisco Systems Inc. reported its 
sixth straight quarter of improved 
financial performance, saying 
that revenue rose 9% year-over- 
year to $4.8 in its first quarter. 
Net profits totaled $618 million 
during the quarter, which ended 
Oct. 26. But Cisco predicted that 
revenue in the current three- 
month period could be about the 
same as in the first quarter or 
down by as much as 4%. 


Ce I ASE 


Short Takes 


Ottawa-based COREL CORP. laid 
off about 220 employees, reduc- 
ing its workforce by 22%. . . . 
IBM announced a deal to buy 
Tarian Software Inc., an Ottawa- 
based developer of electronic 
records management software. 
... NOVELL INC. released an up- 
grade of its eDirectory software 
that adds support for IBM’s AIX 
operating system. 





NEWS 


MARK HALL ® ON THE MARK 


IPsec, SSL Vendors May 
Fumble Security ... 


... opportunities in the emerging Web services world, where applica- 
tions will be protected higher in the software stack, according to Bob 
Blakely, chief scientist for privacy and security at IBM’s Tivoli Soft- 
ware unit. Both IPsec and SSL, he says, don’t use “intuition” like peo- 
ple do in protecting systems. He likens the protocols to “the British 
Army notion of security, where they will defend themselves until they’re 
killed. Protection is not defeating an enemy, but holding it off until 
people can fix the problem,” he adds. Until Web services arrive in 


force, however, IPsec and SSL vendors will | 
continue to whack each other with claims 
about the deficiencies of the other's ap- | 
proach. Evan Kaplan, CEO of Seattle- 
based Aventail Corp., touts SSL for its 
ubiquity in browsers and slams IPsec for | 
its complexity. Countering is Sweta 

Duseja, product marketing 
manager at Check Point Soft- 
ware Technologies Ltd. in 
Redwood City, Calif., who 
disses SSL because its simplic- HECieraas 
ity is valid with only HTTP- ee 
based applications; anything 
else, and you've got increased 
licensing and installation has- 
sles. IPsec, she argues, gives 
IT better management control 


ole 
over resources. Both compa- pane 


nies are doing more than just as 
tossing brickbats at each oth- 
er. Aventail is readying a Java 
client that will work with its 
EX-1500 security appliance, 
adding security to PDAs, Mac- 
intoshes, kiosks and anything 
else that can run a Java virtual 


SE) ey 


Verizon Seeks to Move |“ 
‘Beyond Local Networks | tiiincscnr sat! pn 


TEAC ae ltl ly 
releases Net! 
Web Mail and Net- 
MAX Store, an 
e-commerce store- 


today ships Pocket- 
DBA 2.0 with en- 
hanced Oracle fea- 
Piece ORC ee 
EIT a mm rcertey if 
SQL Server and 


machine. It’s now in beta with no sched- 
uled release date, says Kaplan. Not to be 
outdone, Duseja points to Check Point’s 
Linux client, which will ship before 
year’s end. And, she says, the company is 
already building client code for Apple 
Computer Inc.’s OS X for delivery next 
year. ® Web services may be 
offering a new methodology 
for security, but the code you 


ATi aay liter elicy use to build these services 


may be the most vulnerable 
part of the application, espe- 
cially if you’re using Visual 
Studio .Net. Web services cre- 
ated with Microsoft Corp.'s de- 


MAX 


decompiled, revealing their 
source code and thus jeopar- 
dizing intellectual property 
as well as the program’s se- 
curity and licensing restric- 
tions. That’s why at Comdex 
next week Microsoft will be 
bragging about a deal it 
made with PreEmptive Solu- 
tions Inc. The Cleveland- 


velopment platform can easily be | 


Verizon CEO Ivan Seidenberg 
| said during a conference call. 


www.computerworld.com 


based company’s Dotfuscator, now avail- 
able as a separate tool, will become part 
of the next release of Visual Studio .Net, 
code-named Everett, in the first half of 
next year. Microsoft developers are unac- 
customed to protecting their code, says 
PreEmptive CEO Gabriel Torok, because 
Windows apps are compiled as x86 bina- 
ries — far more difficult to reverse-engi- 
neer. This is no small matter, because 
there are plenty of tools to decompile 
software, and it’s not illegal. But it’s not nice. 
| = Is your Oracle database slower than a 
vendor’s customer support? Well, next 
| April you can boost its speed with Info- 
Cyclone Inc.’s database accelerator appli- 
ance. The Tel Aviv-based company be- 
lieves that its device can deliver near- 
real-time responses even to the most 
complex business intelligence queries by 


| replicating the most used data in its 46B 


or 16GB memory. ® Online CRM vendors 
are warily waiting for Microsoft to re- 
lease its CRM product, which Alex Si- 
mon, product unit manager, says will ship 
in “30 to 40 days.” Keith Raffel, chairman 
of UpShot Corp. in Mountain View, Calif., 
| purports that because you'll be able to li- 
cense Microsoft CRM for on-site use, as 
well as via the application service 
provider model like his company’s com- 
peting software, the Redmond giant’s ap- 
proach “will not be a true Web service.” 
Simon says that’s not so. “All of it is .Net- 
aware,” he claims. The UpShot software, 
which is built on .Net technology, goes 
live next week. The vendor hopes that 
the software’s “gangbuster growth” will 
get a boost from its tight integration with 
| Microsoft Outlook. Raffel is also betting 

| that Microsoft’s entry will boost overall 
interest by midsize companies in online 
CRM. No doubt. According to Simon, Mi- 
| crosoft will be spending tens of millions 

| of dollars to promote the new software. 

| As if we don’t hear from them enough. D 





| storage, business recovery, se- 
curity and remote access. 


| communications carrier last 


Verizon's business is largely 


to set up an IP-based network 
backbone along the Interstate 


Jeff Kagan, an independent 
analyst in Atlanta, said that 
Verizon is positioning itself to 
be like AT&T Corp. and other 
national carriers by emphasiz- 


Plans to offer 
IP-based services 


BY MATT HAMBLEN 
Verizon Communications last 
week said that it plans to court 


| month won approval from the 

| U.S. Federal Communications 
Commission to offer long-dis- 
tance services in Virginia, and 
a spokesman for Verizon said 
it expects to receive similar 


; and Tampa, Fla. 


| 95 corridor between Virginia 

| and Massachusetts within a 
year and then add connections 
to its business operations in 
Dallas, Los Angeles, Seattle 


ing managed network services, 
not just long-distance voice. 
Bill Moore, telecommunica- 
tions manager at the Museum 
of Modern Art in New York, 
said he hopes the expanded 


large corporate users with IP- 
based voice, data and network 
management services, as a re- 
sult of its expanding long-dis- 
tance footprint 





| 
| next April. 


The New York-based tele- 


approvals for Maryland, West 
Virginia and Washington by 


The FCC approvals should 
help the company become a 
national network operator, 


The full rollout is due to be 
completed during the next 18 
months. Verizon said it will of- 

| fer voice and data networking 
| as well as services such as net- 
work management and data 





strategy means he will get bet- 
ter treatment from Verizon. “I 
have three different Verizon 
reps in three states, so maybe 
this means I’ll now only have 
one to deal with,” he said. D 
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Best of all, you will never be boxed in by pro- 
prietary solutions. PowerStruXure is vendor- 
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| enjoy the fact that | can 
buy only what | need now 
and add to it later only when 
| need to.” 


Michael Touchstone, 
Manager of Energy 
Conservation, 

Cox Communications 


‘PowerStruXure’s integration is an example 


of thoughtf 
costly, disparate environmental 
a data center and unifying them 
Greg Tally, Broadband Editor 
Boardwatch Magazine 
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Annoying error messages 
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System crashed on unsaved document 


Recognize any of those issues? Or, perhaps, all of them? We 
thought so. That’s why we’ve made Microsoft® Windows® XP 
Professional and Microsoft Office XP Professional the most 
reliable desktop we've ever built. Want specific examples? 
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Everything worked fine yesterday 


Windows XP Professional has an average system uptime that is the current‘document, spreadsheet, or presentation at the time 
10 times better than Windows 98 SE, and 3 times better than an application stops responding, so usérs don’t lose all their.work if - 
Windows NT 4.0, so there are fewer work stoppage incidents. (and don’t call the helpdesk looking for it). Wait more reaSons to c 7 ee 


With AutoRecovery, Office XP Professional automaticallysaves upgrade? Visit-microsoft.com/desktop : 
> ~~, 





Data based on eTesting Labs Windows XP Retiabitity Study. Fil! report available at: http ..(www.etesting!abs.com/main ‘reports/ ms«prely pdt rs 
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NEWS — 


Senate May ‘Take New 
Tack on Tech Issues 


Fate of opt-in effort in doubt; stronger 
support for banking privacy possible 


BY PATRICK THIBODEAU 
WASHINGTON 
EPUBLICAN control 
of both houses of 
Congress, and the 
leadership changes 
it will bring about, could deter 
efforts to bring opt-in privacy 
protections to online com- 
merce. However, Capitol Hill's 
approach to other privacy 
issues may not change. 

The bid to allow the sharing 
of personal information only 
if consumers actively agree to 
it, known as opt-in, has been 
strongly opposed by the tech- 
nology industry but champi- 
oned by Sen. Ernest “Fritz” 
Hollings (D-S.C.), the current 
chairman of the Senate com- 
merce committee. That has 
the technology industry wel- 
coming the return of Sen. John 
McCain (R-Ariz.) as chairman 
of the key committee. 

“McCain is certainly more 
tech-industry-sensitive then 
Hollings,” said John Pala- 
foutas, vice president of the 
AEA, an electronics trade 
group in Washington. But 
Hollings “is still a force to be 
contended with, and for any- 
thing to happen in that com- 
mittee, Sen. McCain is going 
to need Hollings’ coopera- 
tion,” Palafoutas said. 

The differences between 
McCain and Hollings on pri- 
vacy are clear; McCain has 
previously backed the more 
passive opt-out approach to 
privacy legislation. 


Smoother Transition 
While the Senate commerce 
committee will likely shift in 
its approach, the same can’t 
be said for the Senate banking 
committee, which is expected 
to take up renewal of the state 
preemption provisions of the 
privacy protections in the Fair 
Credit Reporting Act (FCRA). 


The FCRA allows sharing 
of certain kinds of data among 
business affiliates; states are 


| prohibited from setting their 


own data-sharing rules. The 


| provision, which expires at the 


end of next year, has the po- 
tential to become the leading 
financial privacy issue of 2003. 
In this case, a change in lead- 
ership may not make a differ- 
ence. Sen. Paul Sarbanes (D- 
Md.), the chairman of the 
banking committee, may be 
replaced by Sen. Richard Shel- 
by (R-Ala.), also a strong advo- 
cate of privacy protections. 
“Shelby is one of the most 
ardent pro-privacy senators of 
either party,” said Evan Hen- 


| dricks, editor and publisher 


of “Privacy Times.” “Privacy 


| is in much better shape [in the 
| banking committee] than any- 


where else.” 
But the Senate commerce 
committee has been the key 


| committee for technology 
| legislation. It was there that 


Hollings began his effort to 


| force technology suppliers to 
| build mechanisms into their 


products to stop piracy. 
That measure has already 


| faced problems. “If it wasn’t 


already going nowhere, I think 


| with the Republican control of 
| the Senate, it would be [more 


likely to go nowhere],” said 


| Rhett Dawson, president of the 


Information Technology In- 


| dustry Council in Washington. 


The Republicans “are even 


| less enthusiastic about having 


Clientless VPNs Gain Steam 


Offer access to 
corporate nets 
from any computer 
BY MATT HAMBLEN 
Financial conglomerate Loews 
Corp. next week will begin the 
second phase of a clientless 
virtual private network (VPN) 
rollout to give remote users 
access to its internal network. 
The adoption of emerging 
clientless VPN technology by 
New York-based Loews means 


| that users won't need to load 


a VPN client on a remote PC, 


giving them secure access to 


e-mail and corporate docu- 
ments from any computer. 
Analysts described client- 
less VPNs, often dubbed 
Secure Sockets Layer (SSL) 
VPNs, as a relatively new of- 


| fering being delivered in the 


past three months by many 
networking providers. 
“What intrigued us was that 


les . 
| it meets our goal to get e-mail 





| access from an Internet cafe 

| in Istanbul or anywhere,” said 
| Al Alexander, manager of the 
| Loews information center. 


Avoiding the need to install 
VPN clients was essential 


| for the company because it 
| has several subsidiaries and 


18 Lotus Notes servers nation- 


| wide, Alexander said. 


“It’s a good way for consoli- 


| dating control without a lot of 
overhead,” he added. “It’s the 

| most secure thing we’ve been 
| able to come up with at this 


point that allows access from 


any computer.” 


| More Access Soon 


Loews began using the client- 


| less VPN from Whale Com- 


munications Ltd. in Fort Lee, 
NJ., this past summer, enabling 


| 200 users to access e-mail. 


Starting next week, Loews will 
allow users to access its cor- 
porate intranet for informa- 
tion such as human resources 
policies and notices. 
Conventional VPNs, which 





| Congress get in the middle of 
| technology choices” than the 


Democrats, said Dawson. 
IT industry officials, how- 
ever, said no bills will get 


| passed without Democratic 
| support, particularly because 
of the Senate’s 60-vote rule. 


Ari Schwartz, associate 


| director of the Washington- 
| hased Center for Democracy 
and Technology, said McCain 


worked to get bipartisan pri- 
vacy legislation adopted, and 


| he believes that debate will 


resume. “A significant number 


| of members ... are for stronger 
| . ” . 
| privacy rules,” he said. 


Technology associations 
and business trade groups 
have supported opt-out laws 
because consumers often 


| don’t take advantage of them 
| [QuickLink 29879]. For exam- 
| ple, the 1999 Gramm-Leach- 


Bliley financial modernization 


| act includes a number of opt- 
| out privacy protections. 


Gramm-Leach-Bliley gives 
customers the right to stop 
financial services firms from 
selling or sharing their per- 


create a virtual tunnel in a net- 
work with encryption technol- 


| ogy, require software clients 


on remote machines and are 


| often coupled with corporate 


firewalls, analysts noted. 

The global VPN/firewall 
market is approaching $3 bil- 
lion this year and will hit $5 bil- 
lion in 2005, said Jeff Wilson, 


| director of Infonetics Research 


Inc. in San Jose. For the new 


| clientless VPN category, which 


OTT Ceo ad 
The remote user initiates 
access to e-mail and other ap- 


Pe MUR ULM 
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SSL VPN gateway outside the 
company firewall. Authentica- 
tion is then required. 
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payload across the firewall and 
then re-creating the packet flow 
on the other side for e-mail and 
intranet access. 
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SRR > 
Republican Rule 


These Senate leadership changes 
could affect privacy legislation: 


= Commerce committee 
chairman Sen. Ernest “Fritz” 
Hollings (D-S.C.) favors the opt- 
in approach to sharing con- 
sumers’ personal information 
with third parties. Sen. John 
McCain (R-Ariz.), the returning 
chairman, prefers opt-out. 


® With Sen. Phil Gramm 
(R-Texas) retiring, the path is 
clear for the banking committee's 
two most ardent privacy advo- 
cates to make changes. Sen. 
Richard Shelby (R-Ala.), who 
may become the next chairman, 
wants strong privacy protections, 
as does Sen. Paul Sarbanes 
(D-Md.), the current chairman. 


sonal data with third parties. 


| All that customers have to do is 


opt out. But critics charge that 
the privacy notices are full of 
legal jargon and fine print and 


are difficult to understand. 


Less than 5% of customers opt 
out of data sharing. D 


usually involves installing 
a gateway device, the market 


bree oo ee haa : 
| will hit $56 million this year 


and is expected to reach 


| $986 million in 2005, he said. 


Wilson said a “ton of play- 


| ers” are already making the 


gateways, including major 


| vendors such as Nortel Net- 


works Ltd. in Brampton, On- 
tario, and Check Point Soft- 
ware Technologies Ltd. in 
Redwood City, Calif. He listed 
eight smaller vendors as well. 

Most of the products func- 
tion as proxy devices that sit 
in front of a corporate firewall. 
“The downside of these is that 
you can’t access all legacy ap- 
plications,” Wilson said. But 
clientless VPNs are a good 
complement to IPsec VPNs, 
and many large companies 
will use both, he said. 

Whale’s e-Gap Remote 
Access Appliance provides 
centralized encryption at the 
firewall, applying one SSL 
certificate for each outgoing 
data stream. Incoming data 
is scanned with two-factor 
authentication. Pricing starts 
at $23,000. » 
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NEWS 


Oracle Prepares to Boost ‘Tools 
For Database Management 


Enterprise Manager upgrade aims to 
broaden its administrative capabilities 


BY MARC L. SONGINI 
RACLE CORP. is 
moving to central- 
ize systems man- 
agement, monitor- 

ing and performance-analysis 

operations for users of its 
databases and middleware. 

At its OracleWorld con- 
ference in San Francisco this 
week, Oracle plans to an- 
nounce the latest version of 
its Enterprise Manager soft- 
ware. Company Officials said 
Version 4.0 will let IT staffers 
proactively monitor their en- 
tire Oracle database instal!a- 
tions, from the underlying 
hardware to end-user devices. 

“Right now, when people 
look at performance, they look 
at the systems but don’t see it 


CSC Close to New 


Outsourcing Deal 


Computer Sciences Corp. (CSC) 
said it’s in final negotiations for 
an IT outsourcing contract with 
the rail equipment manufactur- 
ing unit of Montreal-based Bom- 
bardier inc. The deal is expected 
to take effect in February and 
could be worth more than $670 
million over seven years, El Se- 
gundo, Calif.-based CSC said. 


Brocade Strikes 
Back at Cisco 


Brocade Communications Sys- 
tems Inc. agreed to buy Rhapsody 
Networks Inc., a Fremont, Calif.- 
based maker of multiprotocol 
storage switches, for about $175 
million in stock. The deal is seen 
as a counterstrike by San Jose- 
based Brocade in reaction to Cis- 
co Systems Inc.’s planned acqui- 
sition of Andiamo Systems Inc. 








from an end-user perspective,” 
said Rene Bonvanie, vice pres- 
ident of marketing for Ora- 
cle9i products. But, he added, 
the Enterprise Manager up- 
grade will let administrators 
monitor complete technology 
stacks without having to cob- 
ble together multiple manage- 


ment applications. 


Version 4.0 will also add the 
ability to view various perfor- 


| mance benchmarks, such as 
| query response times, through 


a single user interface, Bonva- 


| nie said. In addition, it can 
| track what software patches a 
| user has installed and how 


well they're performing. 
Arthur Meacham, computer- 


| assisted dispatch system 
| administrator for the Caddo 





ofits ¢ somite 


DETAIL plans to add interactive 
features to its collaboration soft- 
ware, which was released last 
month and includes unified mes- 
saging and calendaring tools. 


Parish 9-1-1 District in Shreve- 
port, La., says the new capabil- 


| ities in Version 4.0 sound ap- 
| pealing. The public-safety 


agency uses an Oracle8.1.7 
database running on a Win- 
dows NT server to support 


SAP to Push New Strategy 


For Cross-Applications 


Software links 


| multiple systems 


BY MARC L. SONGINI 
At its developer’s conference 
this week, SAP AG will try to 
sell users on the value of a 
new cross-applications initia- 
tive designed to support the 
creation of repeatable busi- 
ness processes that can run 


| over disparate applications. 


SAP plans to use the TechEd 
02 conference in New Orleans 
to run a series of workshops 
on the cross-applications tech- 
nology. The software vendor 


| will also announce that it has 


signed on some key systems 
integrators to support the 
xApps initiative, including 
Accenture Ltd. and Deloitte 
Consulting. 

The xApps strategy was an- 
nounced in June, and SAP is 
due to release an initial prod- 





uct next month (see box). The 
cross-applications “are a way 
of helping customers to de- 
ploy new software solutions 
without replacing existing sys- 


| tems,” said Peter Graf, vice 
| president of market strategy 
at SAP. 


For example, Graf said that 
Calgary, Alberta-based elec- 
tricity generator TransAlta 
Corp. has deployed an early 
version of a third-party xApp 
application that’s aimed at im- 
proving plant operations man- 
agement. The software lets 
end users in maintenance, 
operations and engineering 
share information across vari- 
ous technology platforms to 
address equipment malfunc- 
tions or changes in order 
scheduling. 

TransAlta, which uses SAP’s 
R/3 enterprise resource plan- 
ning software, has gone live 
with the xApp at one plant in 








the routing of police and fire 
calls and the dispatching of 
emergency vehicles. It also 
uses the Oracle9i application 
server and portal software to 
make information available to 
the public on its Web site. 
“T’m the sole DBA at my 
site, and it’s my responsibility 
to keep up with performance,” 
Meacham said. A centralized 
interface would make that 
process much simpler, he 
added. Meacham currently 
uses Enterprise Manager 2.2 
to handle database analysis 
and other functions. 
“Certainly, anything to inte- 
grate the tools even more 
would be welcome,” said Dan 
Vlamis, president of Vlamis 
Software Solutions Inc., a Lib- 


| erty, Mo.-based Oracle consul- 


tancy. Vlamis is also president 


| of the business intelligence 


special-interest group within 


Washington state thus far, said 
Paul Kurchina, the company’s 
manager of program manage- 
ment. He added that TransAlta 


| plans to extend the applica- 
| tion to its other plants during 
| the next 18 months. 


| Built-in Connections 


The software is being co- 


developed by SAP and NRX 
Global Corp., a Toronto-based 


| IT systems and services ven- 


SAP’s xApps 


& The cross-applications envi- 
sioned by SAP will include 
built-in hooks to a mix of sys- 
tems so users can avoid the need 
for point-to-point connections. 


® SAP by year’s end plans to 
ship a resource and program 
management xApp that’s de- 
signed for use in managing com- 
plex IT and research projects. 


® The company is also working 
on an xApp to support merger- 
related financial and budgeting 
work that requires data feeds 
from different systems. 
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| the Chicago-based Interna- 


tional Oracle Users Group. 

He noted that how well Ora- 
cle’s message sells may de- 
pend on the audience. Many 


| database administrators will 


be interested in simplifying 
management routines, Vlamis 
predicted. But higher-level IT 
executives often don’t take 
ease of management into con- 
sideration, he added. 

IBM is building self-tuning 
and self-management capabili- 
ties into an upgrade of its DB2 
database that’s due out late 
this month, and Microsoft 
Corp. claims to have embed- 
ded similar features in its SQL 
Server software. 

But Wayne Kernochan, an 
analyst at Aberdeen Group 
Inc. in Boston, said IBM and 
Microsoft separate database 
administration from systems 
management. Oracle’s com- 
bined approach could help 
companies that have database 
administrators managing mul- 
tiple installations of its data- 
bases, but it may not be as ap- 
pealing to users with multi- 
vendor software, he added. D 


dor that’s also hosting the ap- 
plication for TransAlta. The 
technology includes built-in 
connections for accessing var- 
ious databases, drawings, 
manuals and documents. The 
cost and challenges of build- 
ing those links internally 
would have been prohibitive 


| for TransAlta, Kurchina said. 


“Tt came together to take out 
a lot of different pain points,” 
he said, adding that a role- 
based portal lets end users get 
alerts and information without 
even seeing the various appli- 
cations they’re accessing. 

SAP officials said NRX 
plans to sell the plant opera- 
tions xApp more widely, but a 
shipment date hasn’t been set. 

SAP’s strategy of getting 
users, integrators and other 
vendors on board to develop 
xApps is sensible, said Joshua 
Greenbaum, an analyst at En- 
terprise Applications Consult- 
ing in Daly City, Calif. “The 
potential number of xApps is 
more than SAP [alone] could 
bring to market in the next 18 
months,” he said. D 
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AOL Takes AIM at Corporate 


NEWS 


Instant Messaging Users 


Security, control 
enhancements for 
businesses added 


BY TODD R. WEISS 

America Online Inc. last 
week unveiled security and 
control features designed to 
give its widely used AOL In- 
stant Messenger (AIM) prod- 
uct the teeth it needs for cor- 
porate use. 

Dulles, Va.-based AOL said 
its Enterprise AIM Services 
(EAS) will give IT administra- 
tors more control over instant 
messaging (IM) use, along 
with long-desired security and 
auditing features critical for 
business use. 

The EAS package will in- 
clude AIM Enterprise Gate- 
way, which is to be installed 
behind a company’s firewall to 
help provide tighter control 
over incoming and outgoing 
messages. Also being offered is 
an optional Private Domain 
Service, which features feder- 
ated authentication to allow 
companies to centrally manage 
users through their existing 
corporate server directories. 

AOL is also providing devel- 
oper packages and programs 
so applications can be written 
to integrate with its IM client. 

Still missing from the AIM 
client package for business, 
however, are encryption capa- 
bilities, which are being worked 
on in beta versions and are due 
for release by early next year. 

The AOL announcement 
comes a month after Yahoo 
Inc. in Sunnyvale, Calif., be- 
came the first major consumer 
IM company to announce an 
enterprise edition of its IM 
software, called Yahoo Mes- 
senger Enterprise Edition 1.0 
{QuickLink 33446]. 

Rather than redesign a cor- 
porate IM client from scratch, 
AOL is using its existing con- 
sumer IM client and wrapping 
it with the enterprise services 
package, said Derick Mains, an 





AOL spokesman. To add secu- 
rity and archiving features, 
AOL enlisted the help of Fos- 
ter City, Calif.-based FaceTime 
Communications Inc., which | 
embedded its technology into 
the AIM client to provide 
needed features, Mains said. _| 
VeriSign Inc. in Mountain 
View, Calif., is also working 
with AOL to integrate encryp- 
tion capabilities by next year. 


Making Inroads 

AOL hasn't publicized pricing 
for EAS, since it will depend 
on variables such as the size of 
the deployment. However, it’s 


| expected to cost about $34 to 
| $40 per seat. The new services 
and features, with the excep- 


tion of the encryption capabil- 
ities, are available now. 
Michael Osterman, an ana- 
lyst at Osterman Research 
Inc. in Black Diamond, Wash., 


| called the business version of 


AIM “a pretty significant de- 
velopment,” because AOL is 
the leader in the consumer IM 
marketplace. 

“It doesn’t have all the fea- 
tures yet,” he said. But that 


probably won’t be a problem, 


because many businesses 
won't have the money in their 


end-of-year budgets to deploy 
it now anyway. By the time IT 
departments are ready to look 
into EAS next year, he said, 
encryption features will be in- 
corporated, making it a com- 
pelling product to investigate. 
Robert Mahowold, an analyst 
at IDC in Framingham, Mass., 
said that one challenge AOL 
will face is getting IT decision- 
makers to believe a system that 
| still uses the consumer version 
| of AIM will do the job for them. 
“AOL has done its due diligence 
preparing the product,” he said. 
| “But they still have to see how 
| the market reacts. 

“AOL's first job is to convert 
| the companies that have been 
informal users to get them to 

be paying customers,” Ma- 
howold said. “I think if they 
can do that, they win.” 

AIM is the world’s most 
popular IM client, delivering 


HP, Sun Revamp Channel Programs 


Offer partners 
new incentives for 


| good performance 


BY JAIKUMAR VIJAYAN 
Hewlett-Packard Co. and Sun 
Microsystems Inc. last week 


| announced new financial in- 


centives and simpler adminis- 
tration for their respective 


| channel partners, in moves 
that could result in better 


| separate programs the com- 
| pany had in place following its 


| through joint marketing ef- 


product and ser- 
vice delivery for 
users. 

HP’s partner- 
One program, 
which will initially be rolled 
out to its 20,000 partners in 
the U.S., replaces about 40 


merger with Compaq Com- 
puter Corp. 

PartnerOne will focus a lot 
more than previous channel 
programs on helping HP part- 
ners grow top-line revenue 


forts, said Carl Ramsey, a di- 
rector in HP’s channel organi- 


| zation. For instance, HP is de- 


livering a series of demand- 
generation and Web-enabled 
marketing tools for creating 


Ya 
Ue 


direct marketing and e-mail 
promotions. 

The company will also offer 
more incentives to partners 
for achievements such as 
winning a new account or 
displacing rivals, Ramsey 
said. HP has also put in place 
a unified channel-facing orga- 
nization to replace the multi- 
ple units it had for its various 
technologies. 

“Instead of having 40 dif- 
ferent Web sites 
and 40 different 
places to go, we 
now have one 
face for our part- 
ners,” Ramsey added. 

The program addresses 
most of the questions channel 
partners had following HP’s 
acquisition of Compaq, said 


Geoffrey Lilien, CEO of Mill 
| Valley, Calif.-based HP reseller | 


Lilien Systems Inc. 

“There was a lot of uncer- 
tainty about what was happen- 
ing as you looked at the differ- 


| ent programs and the different 
| people across both the compa- 


nies,” Lilien said. 

The new program has in- 
troduced “consistency across 
the many different programs” 
and made it easier to work 


with HP, he said. For instance, 
the multiple contracting pro- 
grams that partners previ- 

| ously had to sign up for have 
been replaced by a single 
contract. 

Sun’s new program, mean- 

while, is aimed at providing 
its 800 U.S.-based iForce chan- 


What It 
‘Takes 


TO BECOME A STRATEGIC 
SUN IFORCE PARTNER: 


@ At least 10 sales represen- 
tatives and 10 systems engi- 
neers must be Sun certified 
at the enterprise level. 

= Five of those 10 systems 
engineers also must have a 
Solaris core certification. 


TO BECOME AN HP 
PLATINUM PARTNER: 


# You must have at least 15 
technical consultants. 

= You must have at least five 
sales representatives. 

= At least four reps must be 
certified on HP technology. 
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NEW SERVICES 


AOL's Enterprise AIM Services will: 
GIVE IT administrators 
contro! over IM usage. 


ADD business security and 
auditing features. 


OFFER encryption features 
early next year. 


more than 1.5 billion instant 
messages each day, according 
to the company. There are 
about 180 million registered 
users of the AIM service, in- 
cluding consumers and busi- 
ness users. D 


GET CONNECTED 


For more news on messaging technologies 
visit our Web site 


QuickLink k2360 
www.computerworld.com 


nel partners with many of the 
same features. 

“We know we needed to 
continue to improve the value 
proposition, to simplify how 
to do business with us and re- 
ward those who have been 
making a significant invest- 
ment in Sun,” said Mike 
Walsh, a Sun director. 

Among Sun’s margin-im- 
provement programs is an ini- 
tiative called the Target Ac- 
count Program, under which 
the company will offer special 
rebates to partners that sell to 
a specific list of “new-to-Sun” 
target accounts, according to 
Walsh. It will also offer special 
cash rebates to partners that 
sell only Sun server and stor- 
age equipment. 

The company’s revamp is 
clearly aimed at rewarding 
partner loyalty and invest- 
ment in Sun technology, said 
Oliver Poppenberg, a vice 
president at Perfect Order 
Inc., a Sun reseller in Mechan- 
icsburg, Pa. Sun’s decision to 
offer incentives to partners 
that refer users to its profes- 
sional services is also a good 
one, he said. 

But “more specifics are 
needed to understand how 
partners are assigned or can 


| earn a target account,” Pop- 
| penberg said. D 





1b COMPUTERWORLD November i, 2002 


_NEWS _ 


Cybersecurity Tools Proliferate 
As Spending Remains Steady 


New products address continued 
concerns over threats to corporate data 


BY JAIKUMAR VIJAYAN 
ORPORATE AMERICA'S 
willingness to spend 
money to protect its 
information assets 

apparently hasn’t been lost on 

a single security vendor. 

This week’s Computer Se- 
curity Conference and Exhibi- 
tion in Chicago will showcase 
a plethora of new tools that 
feature real-time event analy- 
sis and correlation capabilities 
for dealing more efficiently 
with cyberthreats. 

Such products come at a 
time when some analysts are 
projecting that spending on 
IT security will continue to 
hold steady in 2003 despite a 
decrease in overall corporate 
IT spending. 

A recent survey of more 
than 25,000 IT professionals 
worldwide by Meta Group Inc. 
in Stamford, Conn., indicates 


Continued from page 1 


Ameritrade _ 


ture that’s based on high-end 
servers. For example, the 
Ameritrade trading system is 
supported by Sun Microsys- 
tems Inc.’s Sun Enterprise 
10000 Unix servers. 

“We like the lower cost of 
the Datek platform, but we’re 
also looking at keeping the 
same or higher levels of relia- 
bility and availability [as pro- 
vided by Ameritrade’s sys- 
tems],” Murphy said. She said 
Ameritrade is investigating 
using Linux servers for its new 
IT infrastructure but will also 


consider systems such as Win- | 


dows 2000 and Solaris. 

The data center and Web 
site consolidation efforts are 
also due to be completed by 
next summer. Murphy said it’s 
too early to pinpoint the total 


| 
| 


that the number of companies 
that will spend more than 5% 
of their IT budgets on security 
will grow from 33% in 2001 to 
55% next year. 

“Tt’s a case where you can 
be penny-wise and pound- 
foolish,” said Josh Turiel, a 
network services manager at 
Holyoke Mutual Insurance Co. 
in Salem, Mass. 

Although other areas of 
Holyoke’s IT budget have been 
trimmed to offset increases in 
license fees and other fixed 
costs, security is an area that 
has been untouched, he said. 

“Unfortunately, what’s hap- 
pened after Sept. 1] is that we 
have more concerns about 
cyberterrorism and the need 
to protect ourselves against it,” 
said Thomas Miles, a systems 
administrator at St. Onge, Ruff 
& Associates, an architectural 
engineering firm in York, Pa. 


cost of the integration work. 
Ameritrade has two data 
centers of its own: a primary 
site in Kansas City, Mo., and a 
backup site in Omaha. Jersey 
City, N.J.-based Datek brought 
with it a data center in Secau- 
cus, N.J. Ameritrade will close 
the Omaha facility and pick 
one of the others as its main 
data center, Murphy said. 


NEW PRODUCTS 


products at the CSI 
conference include: 


m Instant Virtual intranet V3.0. 


The company has just bol- 
stered its defenses with a fire- 
wall from Burlington, Mass.- 
based Astaro Corp. that com- 
bines firewalls with a virtual 
private network, antivirus 
protection, content filtering 
at the application level and 
user authentication. 

Some of the products at this 
week’s show, which is spon- 
sored by the San Francisco- 
based Computer Security In- 


On the front end, Ameri- 
trade intends to replace its 
two online-trading Web sites 
with a new one that will in- 
clude features from both bro- 
kerages. But the changes will 
be done gradually to make 
them evolutionary for users. 

“We have two platforms, 
and in essence you could say 
that we’re abandoning both,” 


Integration Plan Includes IT Layoffs 


Ameritrade’s plan for integrating 
its operations with Datek's also 
includes the likelihood of IT staff 
cutbacks. And that’s causing IT 
managers at the company to do a 
lot of hand-holding with technol- 
ogy workers who are worried 
about the upcoming layoffs. 
Ameritrade and Datek have 
a combined IT staff of 450 peo- 


ple, out of 2.100 total employees. 
Reductions in IT are expected 
over the next six months as sys- 
tems get combined and consoli- 
dated, said Cecilia Murphy, vice 
president of technology engineer- 
ing services at Ameritrade. She 
wouldn't speculate on how many 
jobs are likely to be cut. 

In particular, some program- 





stitute, take a behavior-based 


approach to enforcing security, | 


while others are policy-based. 
For instance, Waltham, 
Mass.-based Okena Inc.’s new 
StormTrack product builds on 
the company’s previous rules 
and correlation engines and 
allows companies to enforce 
authorized application behav- 
ior while preventing unautho- 
rized tasks from executing. 
Okena’s suite lets users define 
policies for acceptable behav- 
ior and then uses an agent- 
based technology to monitor 
applications and host systems 
in real time for compliance. 
“Okena’s approach gives 
me a little more control over 
my environment,” said Bill 
Spernow, chief information 
security officer at the Georgia 
Student Finance Commission 
in Atlanta. “It allows me to 
configure a rules base that, in 
conjunction with the agents, 
allows me to see what ports 
are open or who is accessing a 
file or touching a registry sys- 


said Larry Szczeck, chairman 
of products and services inte- 


| gration at Ameritrade. “We're 


taking a hybrid of the two and 
moving customers to that.” 
The overall IT integration 
effort is being led by eight 
teams that are in charge of 


| areas such as technology inte- 


gration and end-user experi- 


| ence. Each group reports 


mers and other IT employees are 
concerned that the elimination of 
the systems they work on will also 
mean the end of their jobs, said 
Larry Szczeck, chairman of prod- 
ucts and services integration at 
Ameritrade. “That one caught me 
off guard,” he said. “It’s a chal- 
lenge to get people to work to- 
gether to develop the best sys- 
tem, not ‘the best system | used 
to work on so I'll still have a job.’ ” 
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tem,” Spernow said. 

Similarly, Securify Inc. in 
Mountain View, Calif., will in- 
| troduce a suite of tools that 
| allow enterprises to define 
and ensure compliance with 
— a set of rules that specify 
how network traffic should 
behave, according to Mark 
Hangen, the company’s presi- 
dent and CEO. Securify’s 
SecurVantage 3.0 product 
starts at about $50,000. 

Other products are aimed at 
helping companies better 
gather and manage the data 
overload resulting from the in- 
stallation of various security 
devices around the enterprise. 
For instance, Bethesda, Md.- 
based Intellitactics Inc.’s Net- 
work Security Manager 4.0 
| lets companies gather data 
| from firewalls, routers and in- 
| trusion-detection devices and 
| translate it into simple langu- 

age, said CEO Paul Soft. 
| The technology uses corre- 
lation engines and vulnerabili- 
| ty information to help admin- 
istrators prioritize threats and 
| 
| 
| 





responses. Pricing starts at 
about $87,000. DB 


| MORE ON CYBERSECURITY 


Intrusion-detection systems need a lot of 
fine-tuning. To learn more, see page 34. 


| weekly on its progress to a 
central integration committee. 
| Ameritrade is also setting up 
| a team of employees from both 
companies to work on new ap- 
| plications. “The integration 

| effort is tied to old systems, 
and we need to get that done 

| for synergies,” Murphy said. 

| “But we need to move forward 
| on building new systems.” D 


Phylis Esposito, Ameritrade’s 
chief strategy officer, said one 
way the firm is combating the 
rumor mill on layoffs is to issue 
biweekly integration updates via 
e-mail. “Communicate frequently, 
and be upfront.” she said. As de- 
cisions that could affect employ- 
ees are made, it's best to “an- 
nounce them, because things fil- 
ter through anyway,” she added. 

- Lucas Mearian 
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Judge Rejects Web 
Site Disability Suit 


Southwest fends off 
suit, but looks to make 
its site more accessible 





BY PATRICK THIBODEAU 
FEDERAL JUDGE in Miami 
last month rejected a lawsuit 
contending that Southwest 
Airlines Co. violated the 

Americans With Disabilities Act 

(ADA) because its Web site was inac- 

cessible to blind users. 

At issue in the case is whether cor- 
porate Web sites fall under the aegis of 
the ADA. In one of the first court deci- 
sions on the act’s applicability to the 
Internet, U.S. District Court Judge Pa- 
tricia Seitz ruled that the ADA con- 
cerns physical spaces, not virtual ones. 
She left it up to Congress to decide 
whether to broaden the disability law 


to include cyberspace. 


But in a footnote to her i2-page deci- 
sion, Seitz expressed surprise that Dal- 
las-based Southwest hasn’t used “all 


| available technologies to expand ac- 


cessibility to its Web site for visually 


| impaired customers who would be an 
| added source of revenue.” 


Southwest spokeswoman Christine 
Turneabe-Connelly acknowledged that 
some screen readers — software that 


| converts on-screen text to audio or a 
| refreshable Braille display — may have 


had compatibility problems with the 
company’s Web site. Southwest is “ex- 


| ploring some possibilities” to make the 


site more user-friendly for blind or vi- 
sually impaired users, she said. 
Problems with Web site accessibility 
aren’t uncommon, said Edward Res- 
nick, president of Access Now Inc., a 
Miami Beach, Fla.-based advocacy 
group that filed the suit. Accessibility 





NEWS 


is strictly a matter of whether a Web 
site’s designer “programmed it for peo- 
ple who are blind,” he said. Access 
Now and a blind individual claimed in 
the suit that Southwest’s online virtual 
ticket counters are “extremely diffi- 
cult” — though technically possible — 
for the blind to use. The plaintiffs plan 
to appeal Seitz’s decision. 

Many companies rush to create Web 
sites without considering accessibility 





issues and may later balk at spending 
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money to retrofit their sites, said Jen- 
nifer Vollmer, an analyst at Meta 
Group Inc. in Stamford, Conn. As a 
rule, she said, building in accessibility 
during the site design process costs 
one quarter of retrofitting work. 

Web site accessibility “should be a 
no-brainer,” she said. “But it has just 
not been a priority for companies.” 

The World Wide Web Consortium 
has published a set of accessibility 
guidelines that developers can follow 
to open up Web sites (see box). But 
companies also have to increase the 
accessibility awareness and training of 
programmers, said Gerry Santoro, an 
assistant professor of information sci- 
ences and technology at Pennsylvania 
State University in University Park. D 





Lotus Chief Sets Course in Wake 


Of IBM’s ‘On-Demand’ Strategy 


Zollar focuses on 
collaboration tools and 
‘dynamic workplaces’ 





BY MARYFRAN JOHNSON 
AND DON TENNANT 


Al Zollar is one of the senior executives 
at IBM who will play a key role in exe- 


| cuting CEO Samuel J. Palmisano’s new 


“on-demand” computing initia- 
tive [QuickLink 34091]. Zollar, 
general manager of IBM’s Lotus 
Software Group, spoke with 
Computerworld last week. 


Aside from heading Lotus, you're 

leading an IBM-wide “dynamic 
workplaces” initiative. Can you ex- 

plain what that’s about? In princi- 

ple, it’s this notion that you 

walk into any of our typical medium- 
to large-size customers, and you can 
probably find somebody working on 
an e-HR self-service initiative, some- 
body working on a portal, somebody 
on e-mail, search, collaboration, 
e-learning, document management 
and so forth. The goal of the dynamic 
workplace is to take all this stuff, inte- 
grate it and make it highly [adaptive] to 
the user role or the business problem 
that you’re trying to address. 


How does that fit into IBM’s “on-demand” 
computing vision? And what is Lotus doing 
to support that strategy? The on-demand 
initiative is really about the standard- 
ization of computing to solve what is 
one of the great remaining challenges: 
How do we really make distributed 





computing work? This is all about cre- 
ating an ability to have computing 
viewed as something that is much 
more dynamically deployable. And the 
collaborative middleware that Lotus 
provides is a big piece of this, because 
it’s about how you connect people into 
this utility or network structure. We 
think that this is one of the first places 
that people will look and say, “This 
looks like a utility to me.” 


What's the main message you'll de- 
liver at the Lotusphere conference 
in January? We’ve been talking 
about this “next-gen” project, 
which is the use of J2EE tech- 
nologies around Lotus’ collabo- 
rative capabilities. We'll have a 
lot of updates on that. 


What’s your reaction to the recent Micro- 
soft ruling? There’s no reaction I really 
have to it, because my attitude on the 
whole thing was that it didn’t exist. 
What I mean by that is we try to stay 
focused on customers and presenting a 
better offer than our competitors. 
What I think we've seen is that Micro- 
soft, by this ruling, is asked to provide 
technical information. That’s good for 
the industry and good for customers. 
The question will be, how much more 
productive can our people be with 
what’s now being mandated? D 


MORE ONLINE 


For a more extensive version of this interview with 
Al Zollar, visit our Web site: 


QuickLink 34180 
www.computerworld.com 








THERE’S SHALLOW 
INTEGRATION AND THERE’S 
EGRATION. 


Everybody seems to be jumping into integration these 
days. As the originators of business integration, TIBCO 
Software knows how difficult it can be to differentiate 


between the many solutions. 


Our integration solution delivers more than a point-to-point 
connection. Far more. Our innovative and unbiased 
approach starts by integrating the systems you already have, 
then streamlining the processes that span your business. 
The result is no less than the ultimate transformation of your 
business into a real-time enterprise. It’s a deeper solution 
that delivers measurable business results now—and allows 


you to scale for the future. 


Take Seagate. When we integrated the disk drive giant with its partners 
and customers, the resulting system delivered superior customer service 
and enabled the company to bring its products to market faster. And when 
we created adidas-Salomon’s real-time supply chain it resulted in faster 
time to market and higher revenues for the sporting goods marketer. 


" That's the power of now. 


Learn how our deep integration has worked for other 
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processes and systems. 
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Wireless Start-up Targets 4-Mile Range 


BY BOB BREWIN a planar phased-array antenna | for wireless LAN access points. 
Start-up Vivato Inc. last week to support a communications Phil Belanger, vice presi- 
announced plans to market a | range of more than four miles, dent of marketing at Vivato, 


wireless LAN switch that uses | compared with hundreds of feet | said the San Francisco-based 


vendor is aiming the switch 
at corporate users who want 
to implement WLANs in 
large buildings or campus 
environments. Other target 
markets include public-access 
WLANs and wireless Inter- 
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net service providers. 

The range of an indoor sys- 
tem tops out at about a mile, 
Belanger said. Vivato envi- 
sions users setting up just one 
outdoor antenna to provide 
wireless service to an entire 
office building, eliminating 
the need for multiple indoor 
access points. The switch is 
rated to deliver throughput of 
up to 800M bit/sec., compared 
with 11M bit/sec. for 802.l1b 
Wi-Fi products. 

Vivato derives its range and 
throughput from the phased- 
array antenna, which is similar 
to devices used on the U.S. 
Navy’s Aegis cruisers to track 
and identify aircraft. The 2 ft. 
by 2 ft. square antenna forms 
electronic beams that send 
narrow pulses of high-speed 
data to WLAN clients, Be- 
langer said. 


Product Potential 

Nelson Ludlow, CEO of Mo- 
bilisa Inc., said that given the 
distance claims, the switch 
sounds potentially useful. 
Ludlow plans to do a hands-on 
evaluation of the technology 
later this month. His Port 
Townsend, Wash.-based com- 
pany is involved in an effort 
to provide WLAN services on 
boats operated by the Wash- 
ington state ferry system. 

Phased-array antennas are 
currently being used in large 
cellular and military applica- 
tions, said Craig Mathias, an 
analyst at Farpoint Group in 
Ashland, Mass. “I’m a big be- 
liever in antenna arrays, and 
I believe they will see signifi- 
cant deployments in WLAN 
applications,” Mathias said. 
But, he added, “the technical 
advantage that Vivato may 
have is yet to be proven.” 

Belanger declined to dis- 
close pricing for Vivato’s 
switch, which is expected to 
ship next quarter. In addition 
to 802.11b, the switch will sup- 
port the 802.lla and 802.llg 
standards, as well as multiple 
security protocols. 

Vivato’s announcement came 
two months after Holtsville, 
N.Y.-based Symbol Technolo- 
gies Inc. introduced a WLAN 
architecture that’s built 
around central switches 
(QuickLink 32531]. » 
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oftware lets you use data to personalize customer connections, tha one degree of separation. The myriad of choices 
available to online consumers is staggering. The personal service available at traditional businesses is largely absent online and the pressure 
is on you to bring it back. Microsoft® solutions for Internet business provide the tools you need to build stronger relationships with your global 
network of customers and trading partners. Scalable user and content profiling allows you to target content and offer more personalized 
options including customer-specific catalogs with custom pricing and product information. 


Now it’s easier for you to aggregate profile data from multiple underlying data sources to leverage existing technology investments and 


enable richer profiling capabilities. And with built-in business analytics, you can analyze ever-changing user behavior to predict purchasing 


and browsing preferences, all while delivering real-time recommendations. Plus, through direct support for XML-based data, companies can 
exchange catalog and order information and integrate order fulfillment systems for seamless transactions. Find out how .NET connected 
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> The Royal Canadian Mint wanted to reach its diverse worldwide customers, expand sales of its products, and deliver a highly 
customized consumer experience, so they used the Web content management capabilities of Microsoft Content Management 


Server integrated with the e-commerce, personalization and backend data integration capabilities of Microsoft Commerce and 


| 
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St BizTalk® Servers. Now the Mint can publish content in multiple languages, draw on customer 


| 


information from its legacy database, and feed online orders through existing ERP system, 


enabling the Royal Canadian Mint to offer customers a richer and more personalized experience. 
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PATRICIA KEEFE 


Verifying ‘Trust 


ALLOWEEN MAY BE OVER, but the 
Nightmare on Data Street is just get- 
ting under way for public companies, 
which now face a web of disclosure 
and verification regulations spawned 
by this year’s continuing horror show of corporate 


accounting scandals. 

CEOs and CFOs are 
now required, thanks to 
this summer’s passage of 
the Sarbanes-Oxley Act, 
to sign documents attest- 
ing to the veracity of 
their financial data. 

Some observers say the 

Securities and Exchange 
Commission may yet 

scare up a few more reg- 

ulations. And why not? 

Many blame the unbri- 

dled greed that led to the 

ongoing crises at companies like En- 
ron, Tyco and WorldCom for exacer- 
bating the market crash, which sank 
the stock prices of many companies 
and the retirement dreams of mil- 
lions of Americans along with it. 
Something had to be done. 

So a jittery Republican administra- 
tion did what it hates to do: created 
new regulations, in this case ones 
designed to limit, if not stop, corpo- 
rate fraud. It also ordered up an ac- 
counting oversight board to oversee 
the audit process. Expect more 
guidelines to follow once the board 
settles in next year. 

What’s this got to do with IT? A 
lot, actually. It’s not just a problem 
for the CEO and CFO. It will land on 
unprepared CIOs like a ton of depo- 
sitions. You may not have to sign 
anything, but the key to safeguarding 


and verifying data accuracy lies with- 


in the heart of the financial systems 
and enterprise infrastructure IT de- 
signs and oversees. As Lynn Bruneau, 
a managing director at risk consul- 
tancy Protiviti puts it, “Do you know 
where your data spent the night?” 
Many CIOs see this as no big deal. 
Financial applications are among the 


most heavily controlled 
and monitored systems. 
Many shops mapped out 
their IT architectures as 
part of the Y2k exercise 
and should be able to re- 
use those blueprints to ex- 
plain the “Where did you 
get this information?” part 
of the disclosure controls. 
But there are other 
issues. Financial systems 
can be updated to pro- 
vide real-time data feeds, 
monitoring and updates, and even 
to speed the process of data collec- 
tion, analysis and reporting. And 
what about security? Are you dead 
certain there are no vulnerabilities 
so no One inside or outside can get 
at critical data? Is your system audit 
trail as solid as a rock? You may 
have to prove it. You may have to 
address security issues that you’ve 
been putting off. And, oh, have 





you documented your procedures? 

Wait — more needs to be done. 

Many companies are launching 
“disclosure committees” to institu- 
tionalize the process they went 
through in August, when they had to 
verify data for the first time. If your 
company has one, make sure you’re 
on it, says Bruneau. 

Know what’s going on in your own 
shop. Be able to map your technical 
infrastructure and explain how it 
supports the business. Know where 
the vulnerabilities are. Make sugges- 
tions on how to improve things go- 
ing forward. 

Scrutinize outsourcing contracts. 
If you’re handing off responsibility 
to an outside party, you must define 
the details underpinning data in- 
tegrity in your financial systems. 

Ray Hoving, a former president of 


| e . 
the Society for Information Manage- 


ment, calls this “hygienic comput- 
ing.” In today’s more paranoid envi- 
ronment, “the stakes are getting 
higher,” he says. 

We’ve moved well beyond putting 
into action all those platitudes about 
aligning IT with business goals and 
about serving the needs of the busi- 


| ness units. Indeed, IT and business 


processes have in fact become all too 
intertwined. Scary as it may be, CIOs 
simply can’t sit this one out. D 
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Choreograph 


Collaboration 


OLLABORATION is an 

impressive-sounding 

word, but it’s so amor- 
phous that it can obscure 


down-to-earth benefits for 
large IT shops that must work togeth- 
er across geographies and time zones. 
It’s obvious that if you have operations 
in the U.S. and overseas, you need a 
tool to mitigate the high cost and ad- 
ministrative burden of managing soft- 
ware development. 

The goal should be to put in place a 
common development environment 
that gives control to the individuals 
writing the code, rather than making 
them jump through permission-based 
hoops. They need source-code con- 
trol, as well as capabilities for version 
management, change management, 
and quality and assurance testing. The 
tools have to be easy 
for developers to use 
(meaning minimal 
training is required), 
and managers must 
have access to the de- 
velopment process. 

Typically, collabora- 
tion tools have been 
encumbered by hard- 
ware costs and admin- 
istrative bottlenecks 
that prevent develop- 
ers from managing the 
products by themselves. 

The search for an appropriate envi- 
ronment should focus on more than 
just version controls. You need to be 
able to extract value from code reuse 
and shared developer expertise — 
wherever the developers may be. 

For example, with developers in San 
Francisco, London and Walnut Creek, 
Calif., Barclays Global Investors need- 
ed a common platform to allow part- 
ners in Boston and Sacramento, Calif., 
to be part of the development process. 

It was a challenge to find such a 
product, because it had to support 
generic development operations and it 
needed to be sophisticated enough to 
encompass XML development, Web- 
based client-order systems and large- 
scale trading operations. 

The tool had to support multiple 
project types and act as a source-code 
development hub. This would speed 
technical project communication and 
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make it possible to create archives 

for code and routine project activities, 
which could later be reused. With 
added control features, developers 
should be able to access the company’s 
library of stored scripts and proce- 
dures. Because the software selected 
from Brisbane, Calif.-based CollabNet 
Inc. is in a single location, manage- 
ment oversight isn’t a burden for 
developers. 

Barclays made flexibility a high- 
water mark for the collaboration soft- 
ware, so developers can continue to 
use their favorite integrated develop- 
ment platform. Permission-based par- 
ticipation also lets third parties con- 
tribute to the process, spreading risk 
and expertise outside traditional 
boundaries. E-mails, face-to-face 
meetings, travel costs and project 
completion times were reduced. The 
software development infrastructure 
is now managed by one technical ad- 
ministrator working half time, down 
from three full-time positions. 

Collaboration sounds like an ele- 
gantly choreographed experience, but 
the true value lies in the mundane ad- 
vantages of reducing costs and making 
your developers’ lives better. D 


It's bona 
‘lo Upgrade 
Portfolios 


E ARE IN A unique 

period in the histo- 

ry of enterprise 
computing. The extra-organi- 
zational elements of the tech- 
nology supply side — venture capital- 
ists, vendors, subscription research 
firms and systems integrators — have 
been struck mute by the perfect-storm 
convergence of an economic down- 
turn, the utter lack of killer apps in the 
pipeline and a bordering-on-revenge- 
seeking buyer dissatisfaction with 
prior-period technology purchases. 

Pity the poor vendor. But things are 
no better inside IT organizations. 
This year’s IT budget cycle was also 

unique because of the current unprece- 
dented conditions. While every com- 
pany’s budget meeting was different in 
details, a general consensus emerged 
from these sessions that IT depart- 
ments must migrate from being func- 
tional fetishers (constantly demanding 


new stuff) to being value 
addicts (delivering business 
benefits with what they 
already have). 

Additionally, leading IT 
operations in end-user 
companies such as Toyota 
and Kraft, as well as high- 
tech vendors like Cisco and 
Hewlett-Packard, are hav- 
ing to move away from 
managing disparate pieces 
of functionally applied 
technology to managing 
enterprise IT portfolios. : 
They’re being forced to think more 
deeply about how and why they’re 
spending money on IT. 

One of the implications of this 
“back to basics” mind-set was the res- 
urrection of the long-forgotten skill 
set of IT portfolio management. 

At a recent program called “Manag- 
ing the Information Resource” held on 
the UCLA campus, IT leaders from 32 
companies in 12 vertical markets were 
asked to describe how their organiza- 
tions manage their IT portfolios, pay- 
ing specific attention to two things: 

= What tools/processes for portfolio 


management were being 
used? 
@ What lessons were be- 
ing learned/relearned? 
The results were some- 
what disturbing. IT portfo- 
lio management skills and 
tools have atrophied in 
most organizations. Fur- 
thermore, a very broad 
spectrum of portfolio man- | 
agement behaviors and 
tool sets exists in global 
corporations today. As 
such, IT portfolio manage- 
ment means different things to differ- 
ent companies. A common definition 
is lacking. 

IT managers at the UCLA confer- 
ence said they generally believe that 
until 2005, more value will be created 
by making technologies disappear (by 
methods such as rationalizing plat- 
forms and turning off low-value sys- 
tems and devices) than in making new 
technologies appear. The best way to 
make these difficult “What do we turn 
off?” decisions is, in my view, effective 
IT portfolio management. 

Surprisingly, many IT leaders leave 


| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 


| the choice of portfolio management 


tools to relatively low-level project 


| managers. But project management is 
| not pertfolio management. The port- 


folio management tool creates the en- 


| vironment in which important deci- 
| sions will be 


made. 
Steve Finnerty, CIO at Kraft, said at 


| the recent annual conference of the 


Society for Information Management, 
“Most of the low-hanging fruit in the 
functional orchard has already been 
harvested. The big opportunities are 
at the enterprise and extra-enterprise 


| level.” The only way to get to a point 
| where enterprise decisions can be 

| made is with IT portfolio manage- 

| ment being driven at the highest 

| levels of IT. 


Whether you are seeking to become 


| proficient in forecasting or simply try- 
| ing to determine which legacy systems 


should get the ax, a critical next step 
for IT leaders is to get your portfolio 
management houses in order. B 


WANT OUR OPINION? 


More columnists and links to archives of previous 
columns are on our Web site 


| www.computerworld.com/columns 





FTER REPORTING the effec- 

tiveness of the IBM Discovery- 
Link “federated database” solution 
at Aventis Pharmaceuticals and 
enumerating other approaches to 
data integration (custom interfaces, | 
replication, ETL and Web services), | 
your article [“Bridging Data Is- 
lands,” QuickLink 33167] states 
that regardless of the approach, 
data integration can be difficult, 
expensive and error-prone. But the 
key point to the federated solution 
is that, under circumstances where 
data already resides in managed, 
well-understood data stores, inte- 
gration is neither difficult nor ex- 
pensive - the data is not moved, 
not replicated and not redesigned, 
and custom code need not be writ- 
ten. The federated DBMS product 
is installed, network connections to 
sources are defined, source defini- 
tions are configured, user access 
is mapped, and logical tables of 
source data are declared as aliases 
Once these steps are executed, 
often in a matter of a few hours, 
queries are transparently executed 
across all defined sources when in- 
voked by their aliases in SQL state- 
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Data Integration Need Not Be Complex 


ments. Difficulties arise only when 
sources are not well managed, or 
not well understood, or not 
amenable to conversion to the logi- 
cal equivalent of tables. 

These conditions of course will 
increase the cost and complexity of 
any of the named solutions, not just 
database federation. True, any data 
integration effort is subject to error, 
but the less code written and the 
less transformation performed, the 
less opportunity there is to make 
mistakes. Aventis users can jointly 
query proprietary and public data 
worldwide in a single statement, 
without Aventis assuming the bur- 
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den of ownership, storage and main- 


tenance of any data but their own 
David P. Vernon 

Technical solutions specialist, 
life sciences, IBM, Tucson, 
Ariz. 


CRM’s Challenges 


ICHAEL FOOTE’S column 

“Avoid Wiping Out on New 
CRM Wave” [QuickLink 33244] is, 
at last, an article that apportions 
blame more fairly, laying a good 


deal of it at the feet of the compa- 
nies whose projects are failing in- 
stead of taking the easy way out 
and beating up on the vendors and | 
consultants. Simply put, a signifi- 
cant majority of companies went 

into CRM with rose-tinted glasses 
and a good dose of underestima- 

tion of the complexities of process 
and organizational change in the 
customer-facing part of the organi- 
zation. Fortunately, the lessons 
learned by such companies are 
becoming more publicized 

Michael Gentle 


Paris, mgentle2@aol.com 


Use IT Wisely 


M ICHAEL GARTENBERG Is cor- 
rect that the pace of change is 
getting faster, and yes, we will be 
surprised in another 35 years 
(“Tomorrow's Computers Benefit 
All,” QuickLink 32996]. But his 

idea that a person transported from 
2,000 years ago to the year 1800 
would find life and civilization easy | 
to adapt to is wrong. In the 16th | 
century, Cortes, with 500 soldiers, | 
16 horses, gunpowder and avery | 
different belief system, seemed a | 
god and managed to conquer the 


Aztec empire. But there is another, 
instructive side to this story. When 
a technology is powerful and ac- 
cessible, anyone can use it for his 
own purposes without understand- 
ing it. So the Native Americans 
learned to use gunpowder. They 
didn’t know how to make a gun any 
more than most of us self-congrat- 
ulatory moderns could explain a sil- 
icon chip or make a light bulb. But 
they could pull triggers, and we can 
push buttons. In the coming 35 
years, let's hope we gain more wis- 
dom to match our wizardry 

Mark Cassidy 

Independent contractor, 
Naugatuck, Conn. 


COMPUTERWORLD welcomes 
comments from its readers. Letters 
will be edited for brevity and clarity 
They should be addressed to Jamie 
Eckle, letters editor, Computerworld, 
PO Box 9171, 500 Old Connecticut 
Path, Framingham, Mass. 01701. 
Fax: (508) 879-4843. 

E-mail: letters®computerworld.com. 
Include an address and phone num- 
ber for immediate verification. 


More letters on these arid other 
topics are on our Web site 
computerworld.com/letters 





COMPUTERWORLD November 11, 2002 


Verifying 


TA 
t 


EEF] 


ALLOWEEN MAY BE OVER, but the 
Nightmare on Data Street is just get- 
ting under way for public companies, 
which now face a web of disclosure 
and verification regulations spawned 
by this year’s continuing horror show of corporate 


accounting scandals. 
CEOs and CFOs are 

now required, thanks to 

this summer's passage of 

the Sarbanes-Oxley Act, 

to sign documents attest- 

ing to the veracity of 

their financial data. 

Some observers say the 

Securities and Exchange 


Commission may yet 


most heavily controlled 
and monitored systems. 
Many shops mapped out 
their IT architectures as 
part of the Y2k exercise 
and should be able to re- 


use those blueprints to ex- 


plain the “Where did you 
get this information?” part 


of the disclosure controls. 


PATRICIA KEEFE is a 


scare up a few more reg- Computerworld editor at 

large. You can contact 
her at patricia_keefe@ 
computerworld.com. 


And why not? 
Many blame the unbri 


ulations. 


dled greed that led to the 
ongoing crises at companies like En- 
ron, Tyco and WorldCom for exacer 
bating the market crash, which sank 
the stock prices of many companies 
and the retirement dreams of mil 
lions of Americans along with it. 
Something had to be done. 

So a jittery Republican administra 
tion did what it hates to do: created 
new regulations, in this case ones 
designed to limit, if not stop, corpo- 
rate fraud. It also ordered up an ac- 
counting oversight board to oversee 
the audit process. Expect more 
guidelines to follow once the board 
settles in next year. 

What's this got to do with IT? A 
lot, actually. It’s not just a problem 
for the CEO and CFO. It will land on 
unprepared CIOs like a ton of depo- 
sitions. You may not have to sign 
anything, but the key to safeguarding 
and verifying; 
in the heart of the financial systems 


and enterprise infrastructure IT de- 


signs and oversees. As Lynn Bruneau, 


a managing director at risk consul- 

tancy Protiviti puts it, “Do you know 

where your data spent the night?” 
Many CIOs see this as no big deal. 


Financial applications are among the 


data accuracy lies with- 


But there are other 
issues. Financial systems 
can be updated to pro- 
vide real-time data feeds, 
monitoring and updates, and even 
to speed the process of data collec- 
tion, analysis and reporting. And 
what about security? Are you dead 
certain there are no vulnerabilities 
so no one inside or outside can get 
at critical data? Is your system audit 
trail as solid as a rock? You may 
have to prove it. You may have to 
address security issues that you’ve 
been putting off. And, oh, have 


‘Trust 


you documented your procedures? 
Wait 
Many companies are launching 
“disclosure committees” to institu- 
tionalize the process they went 
through in August, when they had to 


more needs to be done. 


verify data for the first time. If your 
company has one, make sure you’re 
on it, says Bruneau. 

Know what’s going on in your own 
shop. Be able to map your technical 
infrastructure and explain how it 
supports the business. Know where 
the vulnerabilities are. Make sugges- 
tions on how to improve things go- 
ing forward. 

Scrutinize outsourcing contracts. 
If you’re handing off responsibility 
to an outside party, you must define 
the details underpinning data in- 
tegrity in your financial systems. 

Ray Hoving, a former president of 
the Society for Information Manage- 
ment, calls this “hygienic comput- 
ing.” In today’s more paranoid envi- 
ronment, “the stakes are getting 
higher,” he says. 

We've moved well beyond putting 
into action all those platitudes about 
aligning IT with business goals and 
about serving the needs of the busi- 
ness units. Indeed, IT and business 


processes have in fact become all too 
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intertwined. Scary as it may be, C1Os | 


simply can’t sit this one out. D 
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Collaboration 


OLLABORATION is an 

impressive-sounding 

word, but it’s so amor- 
phous that it can obscure 
down-to-earth benefits for 
large IT shops that must work togeth 
er across geographies and time zones. 
It’s obvious that if you have operations 
in the U.S. and overseas, you need a 
tool to mitigate the high cost and ad- 
ministrative burden of managing soft- 
ware development. 

The goal should be to put in place a 
common development environment 
that gives control to the individuals 
writing the code, rather than making 
them jump through permission-based 
hoops. They need source-code con- 
trol, as well as capabilities for version 
management, change management, 
and quality and assurance testing. The 


aN 


tools have to be easy 
for developers to use 
(meaning minimal 
training is required), 
and managers must 
have access to the de- 
velopment process. 
l'ypically, collabora- 
tion tools have been 
encumbered by hard- 
ware costs and admin 
istrative bottlenecks 
that prevent develop- 
ers from managing the 


PIMM FOX is a freelance 
writer in San Francisco. 
Contact him at 


pimmfox@pacbell.net. 


products by themselves. 

Che search for an appropriate envi 
ronment should focus on more than 
just version controls. You need to be 
able to extract value from code reuse 
and shared developer expertise 
wherever the developers may be. 

For example, with developers in San 
Francisco, London and Walnut Creek, 
Calif., Barclays Global Investors need 
ed a common platform to allow part- 
ners in Boston and Sacramento, Calif., 
to be part of the development process. 

It was a challenge to find such a 
product, because it had to support 
generic development operations and it 
needed to be sophisticated enough to 
encompass XML development, Web- 
based client-order systems and large- 
scale trading operations. 

The tool had to support multiple 
project types and act as a source-code 
development hub. This would speed 
technical project communication and 





make it possible to create archives 
for code and routine project activities, 
which could later be reused. With 
added control features, dev elopers 
should be able to access the company’s 
library of stored scripts and proce- 
dures. Because the software selected 
from Brisbane, Calif.-based CollabNet 
Inc. is in a single location, manage- 
ment oversight isn’t a burden for 
dev elopers 

Barclays made flexibility a hig 
water mark for the collaboration soft 
ware, so developers can continue to 
use their favorite integrated develop 
ment platform. Permission-based par 
ticipation also lets third parties con- 
tribute to the process, spreading risk 
and expertise outside traditional 
boundaries. E-mails, face-to-face 
meetings, travel costs and project 
completion times were reduced. The 
software development infrastructure 
is now managed by one technical ad 
ministrator working half time, down 
from three full-time positions. 

Collaboration sounds like an ele 
gantly choreographed experience, but 
the true value lies in the mundane ad 
vantages of reducing costs and making 


your developers’ lives better. D 


Its Time 
‘Io Upgrade 
Portfolios 


E ARE IN A unique 

period in the histo- 

ry of enterprise 
computing. The extra-organi- 
zational elements of the tech- 
nology supply side — venture capital 
ists, vendors, subscription research 
firms and systems integrators — have 
been struck mute by the perfect-storm 
convergence of an economic down 
turn, the utter lack of killer apps in the 
pipeline and a bordering-on-revenge 
seeking buyer dissatisfaction with 
prior-period technology purchases. 

Pity the poor vendor. But things are 
no better inside IT organizations 
This year’s IT budget cycle was also 

unique because of the current unprece 
dented conditions. While every com 
pany’s budget meeting was different in 
details, a general consensus emerged 
from these sessions that IT depart 
ments must migrate from being func 
tional fetishers (constantly demanding 


new stuff) to being value management were being 
addicts (delivering business ; used? 

benefits with what they @ What lessons were be 
already have). ing learned/relearned? 
Additionally, leading IT Che results were some 
operations in end-user what disturbing. IT portfo 
companies such as Toyota lio management skills and 
ind Kraft, as well as high tools have atrophied in 
tech vendors like Cisco anc ‘ most organizations. Fur- 


Hewlett-Packard, are hav thermore, a very broad 
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ing to Move away from spectrum of portfolio man 


zing disparate pieces igement behaviors and 
of functionally applied tool sets exists in global 
technology to managing corporations today. As 
enterprise IT portfolios. such, IT portfolio man 

ment means different things to differ 
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rhey’re being forced to think more 


deeply about how and why they’re ent companies. A common definition 


spending money on II is lacking. 
One of the implications of this IT managers at the UCLA confer 
“back to basics” mind-set was the 1 nce said they generally believe that 


005, more value will be created 


urrection of the long-forgotten skil 
set of IT portfolio management echnologies 
At a recent program called “Mar 


ing the Information Resource” held on | forms and turning off low 


methods such as rationalizing f 


the UCLA campus, IT leaders from 32 ems and devices) th 
companies in 12 vertical markets wer chnologies appear 
asked to describe how their organiza 

tions manage their IT portfolios, pa 

ing specific attention to two things 


leaders leave 
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Spam Wars FUTURE WATCH: 


Spammers continue to 
refine their techniques, 
while companies enlist 
technology to block 
productivity-draining 
nuisance e-mail. 


Page 32 


The Defense Department is working 
on a self-aware computer that can 
reason and adapt to surprises. Will 
it turn out to be a dream computer, 
or a nightmare out of a science- 
fiction movie? Page 36 


| 
Good Morning, Dave . . . 
| 


The Balancing Act 
Despite advances in 
technology, tuning an 
intrusion-detection 
system is a delicate 
process requiring the 
right mix of know-how 
and tools. Page 34 
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Microsoft’s Passport and the Liberty 
Alliance’s Web authentication services 

take different approaches to Web identity 
management today, but they may interoper- 
ate in the future. By Carol Sliwa 


UPPOSE AN AIRLINE wants to 
give its online customers ac- 
cess to special offers from its 
hotel and car rental partners, 
yet spare those users the 
bother of logging in each time they link 
to a new password-protected Web site. 

The airline also might want to give 
its employees access to the secure 
sites of its 401(k) and insurance pro- 
viders without torcing them to prove 
their identities multiple times. 

Two of the more prominent options 
the airline might consider are Micro- 
soft Corp.’s Passport service and future 
systems based on specifications drawn 
up by the Liberty Alliance Project, an 
industry consortium with more than 
120 members, whose founders include 
Sun Microsystems Inc., American Ex- 
press Co. and United Air Lines Inc. 


But IT shops might want to carefully | 


assess their choices for single sign-on 
and user identity management, be- 


cause both options are in a state of flux | 


and new Web services approaches 
could alter the landscape even more. 

“You really have to have a driving 
business need to want to do this now, 
because of the potential for change,” 
says Randy Heffner, an analyst at 
Cambridge, Mass.-based Giga Infor- 
mation Group Inc. 

In July, the Liberty Alliance Project 
released its specifications for a stan- 
dards-based mechanism for simplified 
sign-on and user identity management. 
But although vendors have promised 
products based on those specifica- 
tions, they have yet to produce them. 

The second phase of the specifica- 
tions — which will include guidelines 
for site-to-site authentication and user- 
attribute sharing — isn’t due until the 
first half of next year, says Paul Mad- 
sen, a member of the Liberty Alliance’s 
technology expert group and manager 
for identity services at Addison, Texas- 
based Entrust Inc. 

Microsoft’s Passport authentication 
service, which has primarily targeted 
consumers, relies largely on propri- 
etary protocols that the company made 





available last month for inspection and 
development through its shared source 
code licensing program. But Passport 
is expected to shift to authentication 
tokens based on MIT’s Kerberos tech- 
nology and add support for Web ser- 
vices standards next year. That, in 
turn, has given many in the industry 
hope that Passport may someday inter- 
operate with Liberty-based authentica- 
tion and identity management systems. 


Core Differences 


Currently, the approaches differ. One 
major distinction is the location where 
each model stores and maintains user 
data. Another is the means by which 


the systems share a user’s authentica- 


tion status information. 

Under the Microsoft service, users 
register either via www.passport.com 
or a member site that has an agree- 
ment with Microsoft. The member site 
must be running Passport Manager 
software, which serves as an interme- 
diary between the site’s server and the 
Passport server and helps decrypt in- 


| coming cookies. 


When a user logs into a member 


| site, he is redirected to a page with the 


Passport user interface and branding 
from the referring site. The member 
site can decide how many of 10 possi- 
ble fields of information it wants the 
user to fill in, and the information is 
stored in Microsoft’s Passport servers. 
Users can opt to share all of that infor- 
mation with other Passport-enabled 
sites when they sign in, or only their 


| e-mail addresses or names. 


When a user signs in at a participat- 
ing site, he is redirected to Passport 
and, if he doesn’t have a cookie that 
meets the referring site’s policy, Pass- 
port prompts him for a name and pass- 
word. An encrypted authentication 
ticket containing the user’s informa- 
tion is sent from the secure Microsoft 
database to the client machine by way 
of a Web address query string. That 
ticket is then sent to the member site 
(see diagram on page 28). 

Dwight Davis, an analyst at Summit 
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TWO APPROACHES TO WEB SINGLE SIGN-ON 


Microsoft Passport Liberty Alliance 


@ Theuser browses to Site A 

(service provider) to access a 
Web page, resource or service. 
@ Thesite redirects the browser 
to Site B (identity provider). 

@ The user logs in at the ident- 
ity provider site, which creates 
asmall SAML authentication 
assertion artifact. 

@ The artifact is passed back 
to Site A. 

@ Site Asends the artifact to 
the identity provider viaa SOAP 
request. The artifact represents 
the actual SAML assertion. 

@ The identity provider returns 
the SAML authentication asser- 
tion to Site A. 
@ Theuser accesses the re- 
quested page from Site A. 





@ Theuser browses to Site Aand 
clicks the Sign In button 

@ Thesite redirects the user request 
to the Passport server, which checks 
the user's cookie file for an active 
ticket. If no active authentication tick- 
etis present, or if the ticket is deemed 
too old by Site A, the user is prompt- 
ed for his name and password. 

@ The Passport service redirects 
the user back to Site A with an en- 
crypted authentication ticket, which 
contains a 64-bit unique identifier 
and profile information (also encrypt- 
ed) that the user has chosen to share 
@ Site A decrypts the authentication 
ticket/profile information and signs 
the user into the site 

@ Theuser accesses the page, 
resource or service requested 


Site A (service provider) Site B (identity provider) 


rut 
Tl 


an 
oe 


\ 


User User 


NOTE: This is only one possible scenario 
under which Liberty protocols work. 


NOTE: This scenario assumes the user has 
already registered with the Passport service. 


In the future, Passport- and Liberty-based systems may be able to federate with each other using Web 
services. Under that scenario, SAML assertions, Kerberos tickets or other authentication tokens would 
be shared between the sites through XML-based messages sent via SOAP. 


Strategies Inc. in Boston, notes that 
some companies have been nervous 
about Microsoft owning the user data, 
“even if it’s only hands-off ownership.” 

The Liberty Alliance takes a differ- 
ent tack. It has no universal, unique 
user identifier that is recognized 
across sites, and no single identity 
provider that centrally stores user 
data. Instead, a wide range of sites can 
serve as identity providers, and these 
may federate with one another, ex- 
changing authentication tokens via the 
Security Assertions Markup Language 
(SAML) and SAML extensions. 

Under a Liberty-based system, a 
user accessing a password-protected 
site is redirected to the appropriate 
identity provider. Once there, the user 
logs in and is redirected back to the 
original site with a one-time random 
string calied an artifact. The artifact 
is then presented and exchanged for 
a SAML assertion, which contains the 
information the site needs to authenti- 
cate the user (see diagram). 

In contrast, Microsoft now uses pro- 
prietary protocols to transmit authenti- 
cation tickets between its Passport 
servers and member sites. Adam Sohn, 
a product manager in Microsoft’s .Net 
strategy group, says that even when 
Microsoft adds support for Kerberos- 
based authentication next year, it will 
not be “switch flipping” from the cur- 


rent Passport authentication mechanism 
to Kerberos-based authentication; it 


| will be more gradual, because there are 


200 million existing Passport accounts. 
Dan Blum, an analyst at Burton 


| Group in Midvale, Utah, says the use of 


Kerberos has been limited primarily to 
Windows 2000 users and universities, 
largely because “the mechanism of set- 


| ting up the Kerberos trust is cumber- 


some and requires opening up addi- 
tional ports in the firewall.” Blum says 
the trust-management and firewall 


| problems should start to be resolved 


once Microsoft releases its new Trust- 
Bridge server software, which will 
make it possible for two companies to 
“more conveniently federate authenti- 
cation and even authorization within 
the Microsoft model.” 


Compatibility Issues 


But Microsoft’s commitment to the bi- 


| nary Kerberos tickets differs from the 


Liberty Alliance-based specifications, 
which favor XML-based SAML asser- 
tions for user-to-site authentication. 
Microsoft has committed to support 
SAML assertions in its Windows serv- 


| er authorization infrastructure but has 


yet to pin its support to a particular re- 

lease or time frame, Sohn says. 
Despite the present incompatibility, 

there are ways to get Passport member 





sites and Liberty-based sites to share 





authentication data. For instance, a 
Web site could support the Liberty 
specifications, join Passport and essen- 
tially serve as a protocol mapper, doing 
the necessary translations to pass user 
identity information from one site to 
another, Madsen says. 

Beyond that, he notes that the sec- 
ond phase of the Liberty specifications 
will include guidelines outlining some 
site-to-site authentication options, in- 
cluding SAML assertions, Kerberos 
tickets and PKI-based technologies. 


| But that still won’t address the user-to- 


site authentication technology conflict 
between Passport’s Kerberos tickets 
and Liberty’s SAML assertions, he says. 

The greatest promise for interoper- 
ability may lie in the proposed Web Ser- 
vices Security (WS-Security) standards 
that Microsoft, IBM and Mountain View, 
Calif.-based VeriSign Inc. announced 
earlier this year and last summer turned 
over to the Organization for the Ad- 
vancement of Structured Information 
Standards in Billerica, Mass. 

Madsen says the Liberty Alliance is 
looking into WS-Security. And Micro- 
soft plans to “lean very heavily” on 
WS-Security, which can handle differ- 
ent types of security tokens, Sohn says. 

Sohn says SAML assertions or Ker- 
beros tickets could be dropped into 
XML-based messages, which could be 
sent via the Simple Object Access Pro- 





tocol (SOAP) to carry user credentials 
between sites. 

“There’s no reason any [two] sys- 
tems can’t interact in a trusted manner, 
whether they’re Liberty or Passport or 
a couple of enterprises interested in in- 
tegrating their supply chains,” he says. 

But the underlying systems must 
be able to understand the different 
authentication tokens, Madsen cau- 
tions. If they can’t, some type of ser- 
vice might be needed to perform map- 
ping functions, he says. 

It remains to be seen if that will suit 
the needs of corporate IT managers 
who don’t want to have to support du- 
eling technologies. 

“We're waiting for the industry and 
this space to evolve to a point where 
we can feel comfortable implementing 
something that will allow us inter- 
operability and flexibility,” says Justin 
Erbacci, a senior architect at United 
Air Lines. 

Erbacci may have to be patient. Prod- 
ucts supporting the Liberty specifica- 
tions aren’t out yet. TrustBridge isn’t 
due until next year. And SAML sup- 
port through WS-Security may not 
happen before the second half of 2003 
— or later, warns Blum. 

“It’s going to take a couple of years 
before we start to see widespread use 
of federated authentication using any 
of these techniques,” Blum predicts. D 
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As unwanted e-mail eats away at 
productivity, companies turn to 
technology to battle the threat, 
whilespammers fight back with 
new tactics to get their messages 
through. BY MELISSA SOLOMON 


OU KNOW FROM LOOKING at 

your e-mail lately that it’s 

possible to be debt-free, have 

perfect skin and be a babe 
magnet — with a little help from your 
new friends. 

But at least employees at Stamford, 
Conn.-based Xerox Corp. are shielded 
from such revolutionary offers — 
though the process hasn’t been easy. 
Last summer, Xerox’s firewall team was 
blocking 150,000 spam e-mails a month. 
By early fall, it was 60,000 messages a 
day, seven days a week, says Linda 
Stutsman, manager of corporate infor- 
mation security and risk management. 

In the past year, spam has moved be- 
yond personal e-mail accounts, invad- 
ing business systems and graduating 
from societal pest to corporate enemy. 
Companies are stockpiling their arse- 
nals — lists of legitimate senders and 
known spammers, tools that pick up on 
spamlike content or behavior, digital 
fingerprints and decoy e-mail address- 
es — to fight this invasion. On the oth- 





er side, however, new and resourceful 
recruits lured by spam’s promise of big 
financial returns are constantly devis- 
ing counterattacks. 

“There’s 10 times as much [corpo- 


| rate] spam this year as there was last 


year,” says Joyce Graff, an analyst at 
Stamford, Conn.-based Gartner Inc. 


| “It’s mind-blowing. And the economics 


are on the spammers’ side.” 
And, says Jason Catlett, president of 
Junkbusters Corp., a Green Brook, N.J.- 


| based antispam organization, the prob- 


lem is getting worse. “Spam is growing 
at a slightly faster rate than e-mail traf- 
fic,” he says (see chart, next page). 


Weapons of War 

The spam weapons that Graff finds 
most difficult to defend against are 
harvesting tools. For $39.95, marketers 
can buy a “spambot” that searches 
message boards and lists, culling up to 
100,000 e-mail addresses in an hour. 
Spambots also get into the relay game 


| with organizations’ message transfer 


VsbelosesllaLabatadassesdDoaelstatatseellly 





agents (MTA) by sending messages 
to, for example, georgebrown@ 
whitehouse.gov, georgebuckley@ 
whitehouse.gov and so on, until they 
find matches. 

To combat these spambots, Graff says, 
organizations need to set up their MTAs 
so they automatically disconnect as 
soon as they detect harvesting attacks. 

But, says Steve, a Washington-based 
spammer who asked to be identified 
by only his first name, spammers are 
continually finding — and sharing — 
new ways to hide their identities. For 
instance, he’s created a filter-evading 
script that randomizes subject lines 
and source addresses so they’re not 
easily identified as bulk mail. Big-time 
spammers buy servers that can ran- 
domize entire domains, says Steve. 

Spammers scan the Internet for 


While most e-mail users, corporate and 
otherwise, have developed a common 
aversion to spam, they have a far more 
Cue R VE lecy et 
constitutes spam. The following are types 
of e-mail generally categorized as spam: 
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open relays in foreign countries so 
their messages will be hard to trace. Or 
they set up free e-mail accounts and 
dump them before they’re caught. 
Spammers can blast out hundreds of 
thousands of messages, each with cus- 
tomized content and source addresses, 
and then quickly log out, says Mark 
Bruno, enterprise product manager at 
Brightmail Inc., a San Francisco-based 
vendor that got its start filtering e-mail 
for service providers but has since 
shifted its focus to corporations. 

Spammers also write programs that 
load in multiple accounts so when one 
account is terminated, another auto- 
matically kicks in, says Dan Clements, 
CEO of CardCops.com, a Malibu, 
Calif.-based online credit card and ad- 
vertising fraud watchdog group. 

It typically takes about two or three 
months from the time companies in- 
stall antispam software until they can 
effectively pick up on patterns. But 
once they do so, some systems can 
weed out 90% of spam with a less than 
1% false-positive rate, says Joe Fisher, 
senior product manager at Tumble- 
weed Communications Corp., a Red- 
wood City, Calif.-based messaging se- 
curity firm. And then vendors and 
their clients need to keep updating the 
tools to stay ahead of the spammers. 

“They’re just making my job harder,” 
says Steve. “But for them to stop spam- 
mers is almost impossible. There’s al- 
ways going to be some guy who knows 
how to build a new application, and 
everyone’s going to get it.” 

Some antispam systems claim to 
stop virtually all spam, which accounts 
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for 34% of all e-mail. These systems 
contain a variety of components: 

® Blacklists that compile and distrib- 
ute IP addresses of known spammers. 
There are also whitelists, which com- 
panies can build to identify legitimate 
senders. 

®@ Content-analysis tools that look for 
keywords. 

® Behavioral-analysis 
tools that look for pat- 
terns such as large num- 
bers of recipients or 
blind copies. 

® Address-validation 
tools that do reverse Do- 
main Name System lookups to ensure 
the sender isn’t trying to cloak his 
identity. 

® Digital fingerprints developed 
with algorithms and heuristics, to 
identify and block or filter common 
spam patterns. 

@ New products that can scan for 
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graphics such as skin tones to combat 
pornography, but those tools are still 
in their infancy, says Mark Levitt, an 
analyst at IDC in Framingham, Mass. 

Brightmail’s probe networks, which 
are getting high marks from analysts 
and antispam watchdogs, consist of 
dummy accounts set up through vari- 
ous Internet service 
providers and corporate 
clients to attract spam- 
mers. Brightmail 


to detect new tricks of 
the trade and continually 
evolves its antispam rule 
book. New rules are distributed and 


| 
updated in clients’ systems every 10 
| 


minutes, says Ren Chin, director of 

product development at Brightmail. 
After going through the battery of 

antispam indicators, a good filter will 


| assign percentages rating the probabil- 


ity that messages are spam, says Graff. 


| Depending on the comfort level of the 


| organization, messages above a certain 


| level can be automatically deleted, 


while others can be stored in spam 


| folders for IT staff or users to review. 


“This is not a perfect science,” says 
Graff. “If some product claims to do 
100%, run away from it, because they 


| don’t know what they’re doing.” 
Xerox keeps pace with new commer- | 


cial tools, but so far it has stuck with its 


| homegrown antispam system, says 


| Stutsman. Xerox also subscribes to 


| blacklists. About 75% to 80% of Xerox’s | 


spam is blocked at the gate, and an ad- 
ditional 20% of the remaining spam is 
later filtered out, says Stutsman. 


Staying Alert 
When 25% or more of Norfolk South- 
ern Corp.’s inbound e-mail was being 
identified as spam, Tony Samms knew 
something had to be done. 

“It was a very hostile environment,” 
says Samms, director of information 





security at the Norfolk, Va.-based 


ployee productivity, bandwidth and 
storage to consider. With close to 
10,000 users and an average of 30,000 
e-mails per day, spam had become a 
big financial problem. 


Southern installed IronMail from Ci- 
pherTrust Inc. in Alpharetta, Ga. The 
tool sits on Norfolk Southern’s gateway 
and uses an array of filtering strate- 
gies. Even with the filter, though, spam 
has managed to get into Norfolk South- 
ern’s system, so employees have been 
building a local deny list by sending 

| addresses to be blocked to the infor- 





Rape, so the company can’t add that to 


monitors those networks | 


freight, natural resources and telecom- | 
munications holding company. “Mes- 
sages showed pictures of people hav- | 
ing sex right in the e-mail.” 


There were also the drains on em- 


So at the end of last year, Norfolk 


mation security department. 

The biggest challenge has been 
avoiding false positives, says Samms. 
“We don’t want to block good e-mail, 
so we have to be careful,” he says. For 
instance, one employee’s last name is 





its list of words to be filtered out. 
Samms says the 25% spam rate has 

been reduced to about 1% or 2%. 
Santa Clara, Calif.-based Macro- 

vision Inc. has opted for a voluntary 


| spam-fighting program, letting end 
| users decide whether they want to use 


the PerlMx filters from Vancouver, 


| British Columbia-based ActiveState 


Corp., which the company installed 


| last spring. Then they customize their 
| filter settings, so the sales representa- 


tives can keep getting newsletters pep- 


| pered with terms like invest and bar- 


gain, for example, and the mailroom 
clerks can keep solicitations to a mini- 
mum, according to Macrovision sys- 
tem administrator Mike Stevens. 
Stevens hasn’t calculated the return 


} on the $10,000 investment, but he says 
productivity has jumped. “You get your 
| return on investment back in a relatively 
| short time,” he says. D 





| Solomon is a freelance writer 
| in New York. Contact her at 
| melissasolomon7@hotmail.com. 


THE OTHER SIDE 


MAIL SERVER APPLICATION to cloak 
your identity: $1,000. Internet service 
provider account: $10 a month. Bulk mail- 
ing list: $20. For a midlevel spammer like: 
“Steve,” that investment can be recouped : 
ina day. : 

Six years ago, Steve bought a list of 
e-mail addresses to hit with pitches from 
adult Web sites. Since then, he’s grown 
that list (and its value) about tenfold by 
trading with other spammers. 

And there's the spammer’s most pow- 
erful tool: his cohorts. 

For a $29.99 membership fee, sites 
like BulkBarn.com offer 300,000 “fresh 
bulk e-mail addresses” weekly (1 million 
for another $20), bulk e-mail starter kits 
and free bulk e-mail software. 

“They started out as little script kiddies, 
and they turned into big companies,” 
Steve says. “People troubleshoot there, 
just like any other business.” 

Big business it is - with ail the pres- 
sures that suggests. In fact, Steve has al- 
ready entered semiretirement as a spam- 
mer at the ripe age of 32. He took a job 
this year as a Microsoft engineer at a 
Washington-based government agency. 
“| was getting too old to do it full time,” he 
says. Still, spamming in his free time, he 
subsidizes his income by about $40,000 
annually. 

The problem with spam-fighting tools 


: is that they wage war against the wrong 
= enemies, says Dan Clements, CEO of 


CardCops.com, an advertising and credit 


> card fraud watchdog group. The true ben- 


eficiaries of spam are the big businesses 


: that pay spammers a portion of their rev- 
> enues to bring in new customers, all the 

: while turning a blind eye to their renegade 
: marketing tactics, he says. 


Steve concurs, and he even has lists of 


: Sites that offer little or no resistance to 

: spamming. As long as he can zap out 

: 400,000 adult e-mail messages, get 30 
> hits and collect $1,000, he'll keep at it. 


While the spam community is strong, 


> SO, too, is the antispam community. Orga- 
: nizations such as The Spamhaus Project 

: and the Mail Abuse Prevention System 

= LLC publish information on known spam- 
: mers. But in order to truly wipe out spam, 
: an international body of law must be cre- 

: ated, says Gartner analyst Joyce Graff. 

: And that's at least a decade off, she adds. 


In the meantime, even though Steve 


: wishes away the junk mail that clogs his 
: in-box, he still benefits from the way the 
> system works. 


“| hate spam,” he says. “I've gotten 


: death threats. People have threatened to 
kill my dog. . .. But when you make a 

: thousand bucks in one day, you could 

> care less.” 


- Melissa Solomon 
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Tuning in threats - and tuning out 
false positives - requires good tools 
and the right processes and policies 
to manage them. By Dan Verton 


HE SOUND of intrusion-detec- 
tion systems (IDS) sifting 
through the torrents of data 
entering networks and sending 
alerts about hacker attacks 
might be music to the ears of 
most security administrators. But if the 
IDS isn’t tuned properly, those alarms 
can sound like fingernails 
scraping a chalkboard. 
Despite better event corre- 
lation and centralized management 
consoles, fine-tuning an IDS so that it 
detects and generates alerts about only 
bona fide intrusions remains a classic 
security challenge. The answer to the 
IDS tuning dilemma rests not so much 
in technology but in people, processes 
and policies, say analysts and IT secu- 
rity professionals. 


Crying Wolf 

IDSs don’t seem to work unless users 
have the time to stand guard with them 
and investigate every unusual incident, 
no matter how minor. 

IDS tuning involves more than sim- 
ply configuring the system to look for 
port scans and other attack signatures 
(software code that indicates malicious 
activity). Each IDS must be tuned to 
detect incidents that are pertinent to 
the specific network or subnetwork on 
which it’s deployed. And if you try to 
detect everything, you’re asking for 
trouble, says Bill “Ches” Cheswick, 
chief scientist at Lumeta Corp., a de- 
veloper of network security monitor- 
ing software in Somerset, N.J. 

“This leaves network administrators 
with two problems: An IDS that misses 
some things, which can cause sleepless 


IDS TECHNOLOGY ADVANCES 


Vendors tune-up tools to tune out false positives 
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nights, and an IDS that is constantly 
whining about things that are OK,” he 
says. “Eventually, it cries wolf too much 
and the overworked network adminis- 
trator tunes it down, weakens the rules 
or doesn’t check the logs as often. I 
don’t believe this problem is solvable.” 

Perhaps not, but to make progress, 

you should know what you 

want to protect, determine 

what you'll do if an incident 
is detected and have trained IDS ana- 
lysts available, says Steve Prather, di- 
rector of network services at ViaWest 
Internet Services Inc. in Denver. 

“Companies tend to struggle with 
their IDS most when they have not 
properly tuned their system to their 
environment and their security policy,” 
says Prather. “In some cases, a compa- 
ny may even try to implement an IDS 
without first putting a security policy 
in place.” And not knowing how you 
should respond to an incident can be 
as problematic as not tuning your IDS 
properly, he says. 

“Much of an IDS’s effectiveness re- 
lies on what the company has stated 
they will do when an incident occurs,” 
says Prather. “Who responds to what 
type of alert? At what level do we shut 
off connectivity or take servers down? 


This means a company needs a solid 


incident-response procedure for their 
IDS to be effective.” 

“It’s more than just intrusion 
detection; it’s intrusion protec- 
tion,” says Jeff Gorball, senior 
vice president of operations at 


| Kingland Systems Corp., a 


financial sector e-commerce 
service provider in Clear Lake, 
Iowa. “You have to ask yourself, 
What am I trying to protect, and 
what or who am I trying to protect 
against?” 

Gorball set up his IDS as part of a 





larger defense-in-depth security archi- 
tecture. He uses increasingly tougher 
IDS rules as traffic passes through the 
network’s rings of defense. “If you set 
up your alerts for those rings that are 
inside the outer rings, you’ll have few- 
er alerts to reckon with,” Gorball says. 


The Right Technology Mix 


But can a few IDSs alone do the job? 
Not by a long shot, say experts. For ex- 
ample, most companies should have 
multiple IDSs deployed throughout the 
organization, including network-based 
IDSs, which monitor network connec- 
tions; host-based IDSs, which monitor 
server and workstation activity; and a 
mix of signature-based and knowl- 
edge-based IDS technologies. 

Knowledge-based IDSs tune them- 
selves to your network environment 
and look inward to learn how to spot 
anomalies or unusual behavior — a 
critical capability today, when most se- 
curity incidents originate from inside 
the firewall. In addition, some experts 
recommend using decoy servers, 
called honey pots, in conjunction with 
IDS technologies to divert an intrud- 
er’s attention and give the security 
staff more time to respond. 

“All of these layers need to be pro- 
tected,” says Chris Klaus, chief tech- 
nology officer at Internet Security 
Systems Inc. in Atlanta. “Do not rely 
on just network IDS or server and 
desktop IDS. They need to be looked 
at holistically and 
integrated to 
maximize pro- 
tection against 
intruders.” 
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While some IDS vendors have come 
out with systems that are capable of 
active response to real-time intrusions, 
Mike Stute, CTO at Global DataGuard 
Inc. in Dallas, recommends that users 
stay away from this feature. “In gener- 
al, this doesn’t work well. Human intel- 
ligence is required to respond appro- 
priately,” he says. 

But there are other ways you can in- 
advertently kill your IDS deployment 
project, says Gorball. “When you first 
put it online, you’re going to want to 
do so in monitor mode to make sure 
the rules you've set up will not ad- 
versely impact your workflow when 
you put it into an active state,” he says. 
“If you don’t get the rules exactly right, 
you could leave vulnerabilities in place 
or, worse yet, kill legitimate traffic.” 

And there’s only one way to get the 
rules right, says Stute. “It takes con- 
stant human involvement. Tuning re- 
duces false positives but creates false 
negatives. Once someone is paged 30 
times a night for five nights and finds 
that in all cases it was a false [alarm], 
most administrators will just remove 

that signature from the 
database and call it good.” B 


The Balancing Act 
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Morning, 
Dave... 


The Defense Department is work- 
ing on a self-aware computer. 
By Kathleen Melymuka 


NY SCI-FI BUFE 
knows that when 
computers become 
self-aware, they ulti- 
mately destroy their creators. 
From 2001: A Space Odyssey to 
Terminator, the message is 
clear: The only good self- 
aware machine is an un- 
plugged one. 
We may soon find 
out whether that’s true. 
The Defense Advanced 
Research Projects 
Agency (DARPA) is 
accepting research 
proposals to create the first 
system that actually knows | 
what it’s doing. | 
The “cognitive system” | 
DARPA envisions would rea- | 
son in a variety of ways, learn 
| 


from experience and adapt to 

surprises. It would be aware of | 
its behavior and explain itself. 
It would be able to anticipate | 
different scenarios and predict | 


ane ee = 


FUTURE 
WATCH 


and plan for novel futures. 

“It’s all moving toward this 
grand vision of not putting 
people in harm’s way,” says 
Raymond Kurzweil, an artifi- 
cial intelligence guru and CEO 
of Kurzweil Technologies 
Inc. in Wellesley Hills, Mass. 
“If you want autonomous 
weapons, it’s helpful for them 
to be intelligent.” 

Cognitive systems 
will require a revolu- 
tionary break from 
current computer evo- 
lution, which has been 
adding complexity and brittle- 
ness as it adds power. 

“We want to think funda- 
mental, not incremental im- 
provements: How can we 
make a quantum leap ahead?” 
says Ronald J. Brachman, di- 
rector of DARPA’s Information 
Processing Technology Office 
in Arlington, Va. Brachman 
will manage the agency’s cog- 
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nitive system initiative. 

The goal is to create sys- 
tems that take better care of 
themselves, and some manu- 
facturers have already made 
small advances, Brachman 
points out. Software that tests 
itself automatically is a step in 
the right direction. So is soft- 
ware that walls itself off to 
avoid taking down the larger 
system in case it crashes. 

Add advances in speech 
recognition and machine 
learning, and there may be 
enough “bits and pieces” to 
achieve the critical mass nec- 
essary for a real breakthrough, 
Brachman says. 

“You get enough really 
smart people working on a 
really hard problem, and you 
get outcomes you didn’t really 
expect,” he adds. “We're hop- 
ing for a little serendipity.” 

They'll need it. The prob- 
lems to be addressed are near- 
ly as imposing as the dream. 
For example: 

®@ How can a cognitive sys- 
tem learn from experience 
and use what it has learned to 
cope with new situations? 

® How can it prioritize 
“standing orders,” given com- 
plex and conflicting goals? 

® How can it recognize im- 
portant low-frequency events 
among the huge amounts of 
data in its “experience?” 

®@ How can it use context to 
decipher complex actions, 
events and language? 


Undaunted 
Despite the challenges, Brach- 
man is undaunted. “DARPA is 
about looking out of the box, 
the big reach,” he says. “If we 
succeed, we can change the 
world in very dramatic ways.” 
Kurzweil agrees. “DARPA 
research tends to be visionary, 
and [although it] provides 
building blocks for future 
weapons systems, there’s also 
applicability throughout soci- 
ety,” he says. For example, 
DARPA’s research and devel- 
opment on advanced commu- 
nications led to the Internet. 
Its pattern-recognition ad- 
vances led to technology that 
helps guide cruise missiles, 
reads electrocardiograms and 
detects computer fraud. The 
machine vision advances 





DARPA has funded have obvi- 
ous value for satellites and air- 
craft as well as factory robots. 
Brachman says cognitive 
systems could assist or replace 
soldiers on hazardous duty or 
civilians responding to toxic 


| spills or disasters. It’s not pos- 


sible to preprogram a re- 
sponse to an emergency, but a 
cognitive system could size up 
many complex variables and 
chart its own course. A system 
that could imagine multiple 
scenarios could outsmart ter- 
rorists — or your business 
competitors — by envisioning 
actions they might take and 
assessing each for plausibility 
and impact. People can be 
blinded by prior experience 


| and biases, Brachman notes, 
| but a computer with no pre- 


conceptions could show hu- 
mans how to think differently. 
Moreover, self-explaining, 
self-debugging systems would 
require virtually no training 
and little maintenance. They 
would learn, not crash, when 
faced with a new situation. 
But what about HAL 9000 


Freewheeling 
Zealots in Pursuit 
Of Their Goals 
DARPA is an anomaly in the fed- 
eral government: an agency de- 
signed and operated to be small 
and nimble - a counterpoint to 
traditional Defense Department 
thinking and procedure. 
Established in 1958 in re- 
sponse to Sputnik, DARPA’s mis- 
sion is to apply state-of-the-art 
technology for military purposes 
and to keep the U.S. from being 
surprised again. But its initiatives 
have had broader applications. 
For example, DARPA was instru- 
mental in the development of the 
mouse, hypertext, TCP/IP proto- 
cols and the Internet itself. 
Reporting to the director for 
defense research and engineer- 
ing, DARPA remains small (240 
people), flat and free of bureau- 
cracy. It has a $2 billion budget 
and 140 technical staffers drawn 
from industry, academia and 
government labs and research 
centers for three to five-year ro- 


| 


| 
| 
| 
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and the other fictional com- 
puters that have run amok? “In 
any kind of technology there 
are risks,” Brachman acknowl- 
edges. That’s why DARPA is 
reaching out to neurologists, 
psychologists — even philoso- 
phers — as well as computer 
scientists. “We're not stum- 
bling down some blind alley,” 
he says. “We’re very cognizant 
of these issues.” 

The solicitation is open to 
anyone, and DARPA won't 


| speculate about who might 


step forward, for fear of limit- 
ing responses. 

The project will have a 
three- to five-year life — long 
enough, Brachman hopes, to 
prove the value and plausibili- 
ty of the concept. “We don’t 


| expect a full-fledged artificial 


assistant in four years,” he says, 
“but that should be enough 
time to start getting some con- 


| crete indications that some of 


these dreams are possible.” D 


Melymuka is a Computerworld 


| contributing writer. Contact her 


| at kmelymuka@earthlink.net. 


tations to ensure a constant in- 
flux of fresh thinking. 
Projects such as DARPA’s 
cognitive systems initiative are 
typically funded at $10 million to 
$40 million over four years, with 
one program manager, five to 10 
contracting organizations and 
two universities working toward 
one goal. Although a new project 
may later be started in the same 
area as one that has ended, it 
isn’t an extension and must win 
approval on its own merits. 
According to DARPA, pro- 

gram managers are selected to 
be “technically outstanding and 
entrepreneurial, freewheeling 
Zealots in pursuit of their goals.” 
And senior management has 
protected their independence to 
enable them to investigate ideas 
and approaches that the tradi- 
tional R&D community finds too 
outlandish or risky. Aside from 
the requirement that taxpayer 
funds are used responsibly, 
there are virtually no rules, and 
failure is acceptable if the poten- 
tial payoff is high enough. 

~ Kathleen Melymuka 
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Stalking Elusive 
Access Points 


Anintegrity checker reinforces security 
walls, but rogue APs continue to open holes 
from within. By Mathias Thurman 


ATELY I'VE BEEN having | 
aproblem getting Trip- | 
wire and our enterprise | 
backup software to work ! 
together. 

I recently purchased the 
file-integrity-checking soft- 
ware from Portland, Ore.- | 
based Tripwire Inc. to serve as 
an additional security layer 
after recent mergers wreaked 
havoc with my company’s 
intrusion-detection 
system infrastructure 
The problem in- 
volved the backup 
software’s manipula- 
tion of file attributes, 
which in turn led 
Tripwire to generate 
false alerts. We tweaked the 
policy files as a work-around. 

That problem resolved, I 
still had to roll out the Trip- 
wire agents to all of our 
servers. To aid in the distribu- 
tion of those Tripwire agents, 
I created a Web site with in- 
stallation software and in 
structions. For each distribu- 
tion, I created either a shell 
script or batch file that auto- 
mates the installation process 
on our Unix and Windows NT 
servers. 

Now when we direct sys- 
tems administrators to install 
these applications on a sys- 
tem, we can point them to the 
Web site. They then down- 
load, extract and run the script | 
or batch file, and the software | 
installs itself automatically. 
After the install is completed, 
the administrator contacts the 
SecurID or Tripwire adminis- 
trator, who adds the resource 
to the appropriate application 
management console. 

Meanwhile, my efforts to 
build an enterprise wireless 
LAN — and eliminate unau- 





- SECURITY. 


thorized WLAN installations 
companywide — seems to 
take a new twist every day. I’m 


| still evaluating products, but 


my shortlist includes Cisco 
Systems Inc.’s Aironet hard- 
ware and San Mateo, Calif.- 
based AirWave Wireless Inc.’s 
AirWave Management Plat- 
form software. 

Unfortunately, the Cisco 
access points (AP) don’t sup- 
port rogue AP de- 
tection, and the 
salesperson says 
that won't happen 
until next year. Con- 
sidering the prob- 
lems I’ve been hav- 
ing with users in- 
stalling unauthorized, inse- 
cure APs, rogue AP detection 
is high on my list of desired 
features. In fact, I won’t agree 
to deploy a WLAN infrastruc- 
ture without it. 

If we do choose Cisco, it 


| will be because of the com- 


pany’s market position. It’s 
financially stable, our compa- 


| ny already has a relationship 


with it, and we know we can 
count on Cisco for support. 
In contrast, the other compa- 
nies we've looked at are all 


Rogue AP detection 
is high on my list 
of features. In fact, 
| won't agree to 
deploy a WLAN 
infrastructure 
without it. 





small and management has 
been reluctant to purchase 
equipment from them. 

Until we have a WLAN sys- 
tem with rogue AP detection 
capabilities, I’m still stuck 
finding a way to locate those 
illegal APs I’ve detected in 
our buildings. These APs are 
configured with wide-open 
security settings, providing 
open on-ramps to our LAN 
infrastructure. 

I detected them by equip- 
ping my Compaq iPaq with an 
AirMagnet Handheld PC Card 
and detection software from 
Mountain View, Calif.-based 
AirMagnet Inc. I can pick up 
the signals, but I can’t tell 
where the APs are. A manage- 
ment e-mail demanding the 
removal of these devices 
seems to have had the oppo- 
site effect. 


Homemade Tools 
My initial attempts at finding 
the rogue devices via some of 
the known LAN media access 
control (MAC) addresses 
were unsuccessful, due to 
some outdated wiring closet 
maps. So I decided to try to 
pinpoint the locations using 
wireless technology. AirMag- 
net uses an omnidirectional 
antenna. I needed a direction- 
al antenna to zero in on the 
exact source of the signal. Ini- 
tially I was going to buy one, 
but after hearing from readers, 
I decided to try making one 
myself. I used instructions I 
read in Rob Flickenger’s web- 
log (www.oreillynet.com/cs/ 
weblog/view/wlg/448). 
Although Flickenger used a 
Pringles potato chip can, I 
substituted a metal tennis ball 


| can, as suggested by readers. It 


didn’t work. I assembled the 
thing as instructed, placed a 
Cisco Aironet AP1200 in an 
unoccupied office and tried to 
use my device to home in on 
the signal. The readings were 


inconsistent. So much for sav- 
ing money. 
| Purchasing a commercial di- 
rectional antenna could be my 
next step, but it may be more 
efficient to find these APs by 
using the LAN MAC addresses 
and tracing those back through 
our Cisco switches to the local 
wall jack. This should at least 
work in those building areas 
where I have accurate wiring 
| maps. But the APs have both 
radio and LAN MAC address- 
es, which differ from each oth- 
er, and I can detect only the ra- 
| dio address. I need some way 
to match up that radio address 
to the LAN MAC address I can 
see on the switches. 

I thought I found a way to do 
this. The first three octets (24 
bits) of any MAC address form 
the organizationally unique 
identifier (OUD. By looking up 
this number in an IEEE Web 
site registry, you can determine 
the AP manufacturer’s name. 
That should have made discov- 
ering an AP’s LAN address eas- 
ier, since the vendor name on 
the radio and LAN MAC ad- 
dresses should be the same — 
and the vendors of the con- 
sumer-grade rogue APs most 
likely will differ from those of 
our regular LAN hardware. 

Unfortunately, I discovered 
that the vendor’s name may 
| not be the one that appears on 
| the OUI, and even the OUI 
names in the radio and LAN 
MAC addresses can differ. I 
experimented with an AP from 
Rockville, Md.-based 3e Tech- 
| nologies International Inc. 
After querying the IEEE data- 
base, I discovered that the ra- 
| dio OUI was registered to one 
Taiwanese company and the 
LAN OUI to another. Neither 
| identified 3e Technologies. 

So, has anyone got a better 
idea? I welcome your com- 
| ments in the security forum. D 


This week's journal is written by a real 
security manager, “Mathias Thurman,” 
whose name and employer have been 
disguised for obvious reasons. Contact him 
at mathias_thurman@yahoo.com, or join the 
discussion in our forum: 
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Security Manager's Journals, go online to 
| @ computerworld.com/secjournal 








www.computerworld.com 


SECURITY LOG 


Security Bookshelf 
® Network Intru- 
sion Detection 
(3rd Edition), by 
Stephen Northcutt 
and Judy Novak; 
New Riders Pub- 
lishing, 2002. 
Anyone who's had 
the pleasure of attending 

one of Stephen Northcutt’s 
SANS Institute classes will find 
this book's approach quite fa- 
miliar. Northcutt gives the 
reader enough information to 
hit the ground running with the 
TCPdump and Snort intrusion- 
detection tools. He offers ex- 
amples, screen dumps and 
techniques to run a network 
intrusion-detection system 
(IDS). Although the author 
focuses on using the Snort util- 
ity, the concepts apply to any 
network-based IDS. This book 
is a must-have for any security 


practitioner's reference set. 
~ Mathias Thurman 
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Brio Software 
Launches Business 
Intelligence Suite 


Last week, Santa Clara, Calif.- 
based business intelligence appli- 
cations provider Brio Software 
Inc. announced its Brio Perfor- 
mance Suite 8. The product of- 
fers a consistent interactive user 
interface across all its tools, as 
well as integrated reporting and 
business intelligence features. 
Pricing starts at $150,000 for the 
entire suite. The software will be 
generally available next month. 


Cisco Offers 
Ethernet Switch 
Upgrade 


Cisco Systems Inc. last week an- 
nounced the Cisco Catalyst 2950 
Long-Reach Ethernet Switch to 
provide networkwide intelligence 
such as quality of service, net- 
work availability and network 
security over existing telephone 
lines for small and midsize busi- 
nesses and multitenant buildings. 
Long-Reach Ethernet switching 
has been available for 18 months, 
providing bandwidth of 2M to 
15M bit/sec. over existing copper 
wiring for up to 5,000 feet. The 
new 2950 adds Layer 3 and 4 
network intelligence features. 
Pricing for an eight-port switch is 
$1,895 and for a 24-port switch 
is $4,495. Both are scheduled to 
become available next month. 


Trucker Converts 
Vehicles to Aether 
MobileMax 


Owings Mills, Md.-based Aether 
Systems Inc. has announced that 
carrier J&R Schuge! Trucking Inc. 
in New Uim, Minn., has equipped 
its entire fleet of 600 trucks with 
the Aether MobileMax system for 
wireiess vehicle tracking and 
messaging. The MobileMax sys- 
tem transmits dispatch and data 
messages and Global Positioning 
System reports. It also provides 
data on state-line crossings, 
vehicle fault codes and driver 
performance. 





TECHNOLOGY 


NICHOLAS PETRELEY 


PHP and 
Hit Prime 


T’S STRANGE TO SAY that PHP (Hypertext Pre- 
processor) has only recently reached the point 
where it’s ready for prime time, since PHP is 
already the most popular Apache module, run- 
ning on almost 10 million domains (over a mil- 


lion IP addresses). 

Nevertheless, I’ve had 
some reservations about 
PHP until recently, espe- 
cially with respect to po- 
tential security holes. Then 
I downloaded and installed 
the latest version of FUD- 
forum, an open-source 
PHP-based Web discussion 
forum package I use for my 
nonprofit Web site, Var- 

Linux.org. You can get an 

idea of what FUDforum 

looks like by visiting www. 
varlinux.org/forum. But what you 
should really examine is the PHP code 
behind FUDforum, which you can 
download from http://fud.prohost.org. 

At some point when I wasn’t look- 
ing, PHP matured to a point where one 
could easily avoid the security holes 
that plagued some old PHP programs. 
This is especially true if you take an 
object-oriented approach to building 
your PHP applications. 

Another good example of high-qual- 
ity PHP programming is php WebSite 
(http://phpwebsite.appstate.edu), a 
Web content management system with 
several good snap-in expansion mod- 
ules, including one that lets you create 
e-mail accounts for CommuniGate 
Pro, an increasingly popular drop-in 
replacement for Microsoft Exchange. 
The CommuniGate Pro e-mail and 
groupware server (www.stalker.com) 
has a built-in Web interface for e-mail 
that you can integrate into the site you 
manage with phpWebSite. 

The only thing I haven’t yet seen 





done well in PHP is an 
open-source Web-based 
groupware application. Ya- 
hoo did a pretty good job 
designing its Web-based 
calendar (http://calendar. 
yahoo.com). It even allows 
you to synchronize your 
data with a Palm device. 
But most IT departments 
are going to want to host 
their own calendars and 
groupware, and if there’s 
° anything that’s been done 
in PHP that is of comparable quality to 
what Yahoo came up with, I haven’t 
found it. There is at least one decent 
commercial offering, Internal Affairs 
(www.internalaffairs.de/en/), and sev- 
eral open-source projects are in the 
works, a promising one being PHProj- 
ekt (www.phprojekt.com). But none of 
the ones I’ve tried exploit the maxi- 
mum potential of the PHP platform. 


Love That Python 


Of course, there’s more to life than 
PHP. One of my favorite programming 
languages is Python (www.python.org). 


| It seems I don’t go a week these days 


without someone asking me what I 
know about Python, so it seems to 
be gaining quite a following in main- 
stream IT. 

Admittedly, Python is a love-it-or- 
hate-it language, but those who love it 
claim to be far more productive than 
with any other language. Being on the 
love-it end of the spectrum, I'd argue 
that it’s a well-founded claim. 
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But Python hasn’t gotten much past 
the promising stage for Web applica- 
tions development. Until recently, 
Webware has been the best choice for 
Python programmers (http://webware. 
sourceforge.net/). Webware is very 
nicely done, but its one weakness is 
that you need to run a Python-based 
application server in parallel to your 
Web server. In contrast, PHP inte- 
grates directly into the Apache Web 
server through a plug-in module. 

There’s nothing inherently wrong 
with the Webware approach, but it is 
difficult to tell how much overhead 
Webware will add to your applica- 
tions. Webware simply hasn’t been 
around the block as many times as 
comparable Java-based application 
servers. 

Spyce is a newcomer to the Python 
Web applications approach, and it may 
not only push Webware off the map, it 
could also eventually give PHP a run 
for its money (http:/Apyce.source- 
forge.net). Spyce lets you embed 
Python code into your HTML in basi- 
cally the same way you would if you 
used Webware and Python Server 
Pages. But Spyce doesn’t need a sepa- 
rate application server to work. Spyce 
piggybacks off the Python or fast-CGI 
modules available for Apache. 

I haven’t done much more than a 
few minor exercises with Spyce, but 
so far I’m extremely impressed. The 
library of Web features for session 
management, cookies, forms, pooled 
variables and other Web applications 
goodies makes it surprisingly easy to 
toss together a prototype to see if it’s 
worth using for your next project. If 
you even have a passing interest in 
Python, I recommend that you give 
Spyce a look. B 
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| Presenting network computers that work so hard, 
_ they’re even dressed up on casual Friday. 








Twenty-four hours a day. Seven days'a week. Gateway's new-computers are wearing a power suit. 

Because not only do- they look sharp, they also exhibit the performance and. versatility Geet Ksa ie 
your business needs in a network PC. With their stable platforms and Intel Pentium 4 processors, 
Gateway's computers. are. easy to maintain, easy to upgrade and even easy on the budget. 





A better way. 
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Gateway recommends Microsoft” Windows’ XP Professional for Business. 
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Finding the T in TCO 


Calculating the total cost of ownership 
for desktop systems is becoming a tricky 
task, as workers’ desktops often comprise 
more than just a PC. IT departments 
must now figure in costs associated with 
laptops, PDAs, cell phones and wireless 
service connections. Page 48 


IMI MORAN’S IT client services group 

handles all the moves, adds and 

changes for hardware and software at 

the Framingham, Mass., offices of 

Genzyme Corp., a biotech company. 

All 51 people in the group have badges 
that allow access to Genzyme buildings, offices, cafe- 
teria, closets and cubicles. They all use passwords to 
roam through the corporate intranet and most sys- 
tems. But 30 of them aren’t Genzyme employees at 
all. They’re contractors from Siemens Business Ser- 
vices Ltd. in Berkshire, England. 

Moran, director of IT client services, makes virtu- 
ally no distinction between her Genzyme and Sie- 
mens employees. “If you deny them access to your 
business and your systems and then ask them to han- 
dle the technology, how are they going to do it?” she 
asks. “We don’t make a distinction. It’s a trust thing.” 

Some would say Moran is asking for trouble. “A 
manager who says vendors are part of the team has 
drunk the Kool-Aid,” says Phil Bode, director of train- 
ing at International Computer Negotiations Inc., an 
IT procurement consulting firm in Winter Park, Fla. 

Bode says vendor services people are also infor- 
mation gatherers who learn everything they can 


about customer operations and report it back to their | 


vendor employer. 

“Vendors are in business to make money and to 
grow sales,” says Larry Graham, vice president of 
IT vendor management at San Mateo, Calif.-based 
Inovant, a transaction-processing subsidiary of Visa 
International Inc. “On average, they will do whatever 





A Squeezed Supplier Never Forgets 
Anyone can cut supplier costs in a buyer’s 
market. Suppliers expect you to play hard- 
ball, demanding significant price cuts. 

But don’t squeeze too hard. It’s bound to 
leave your suppliers angry and waiting for 
revenge, advises columnist Bart Perkins. 


Page 52 


is ethically reasonable to help them do that.” 

“If vendors are on the premises, and they hang 
around and drop in on meetings and talk to people, 
they’ll know far more than they should know about 
future projects, and that gives them an advantage 
in negotiations” for future contracts, agrees Dave 
Weidenfeld, managing counsel for McDon- 
ald’s Corp. in Oak Brook, Ill. 

What goes on in your company is your 
company’s business, Graham adds, and 
the more inside information a vendor 
gains, the less control you have over the 
relationship and the more the vendor 
can use that information to procure ad- 
ditional work or freeze out competitors. 

“Too much information becomes like a 
loose cannon,” Graham says. “Where 
will it go and how will it be used? You 
don’t know.” 

Are the vendors in your ranks trusted 
allies or corporate spies? Do you trust in 
their good intentions, share information and 
access privileges and work as a team, or keep : 
them at arm’s length, batten down the hatches and 


| accept the productivity trade-off? “There is a risk 


that if you bring people in, they’re going to learn 
things,” says Weidenfeld. “You trade that for in- 
creased productivity or more effective project work.” 
“This is an especially big issue as more and more 
companies look at their core competencies and real- 
ize they need to partner for things they don’t excel 
in,” says Andrew Shimberg, an analyst at The Con- 


KNOW YO 
PARTNER 


Including vendors on IT teams bolsters project expertise 
but at the risk of exposing far too much inside information. 
Here’s how to get the most out of trusted allies while foiling 
corporate spies. BY KATHLEEN MELYMUKA 


QUOTE OF THE WEEK 
& ClOs have become very risk-averse. . . . The 
best way to not have things blow up is to 
not put new things in the mix. There’s a challenge 
for ClOs to move to being focused on how tech- 
nology can help . . . major business initiatives. 
~ John Hagel Ill, consultant and book author, on the reluctance 
of investing in Web services. Page 52 
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VENDOR ACCESS TIPS 


about vendor access issues now, and develop 
Pee Ee eel ROR UCL m Cet hy 
See ume r Musil oe 


access details on a case-by-case basis during 
Pea mire Mee 


employees at all levels about physical, 
Ur UR een eset oe 


a “need to know” policy~ and use it. 
future plans or budgets with vendors. 


the access vendors have to the physical plant; 
CRU URL eet Le 


access to nontechnical vendors. 


the areas vendors can enter. Make sure 
there are no project plans, budget figures or other 
future-oriented information on walls or whiteboards. 


a policy about accepting vendor gifts, 
lunches or invitations to play golf and the like. 


cours Group, a consulting firm in Kingwood, Texas. 

Bode says every vendor wants to know three 
things: What’s your budget? When do you need to 
start and stop? And who's going to make the decision? 
“If I can get any of that for an upcoming project, I 
can circumvent the procurement process,” he says 
(see “Cons” box below). 

Some clients make it easy. “We give them keys to 
the company store,” Bode says. A vendor with access 
to the physical plant might see charts about upcom- 
ing projects on bulletin boards; information about 


A TRUSTING RELATIONSHIP 
BRINGS RESULTS 


Q “| treat my Siemens manager the way | 
treat my Genzyme manager,” says Mimi 
Moran, director of IT client services at Gen- 
zyme. “I don’t make the distinction that he works for 
someone else; he works for me.” 

The 30 Siemens workers in her 51-person client ser- 
vices group go through Genzyme's orientation. They 
have the same unfettered physical and virtual access as 
most Genzyme employees so they can repair and deliver 
equipment to desktops throughout the company. They 
eat at the cafeteria and attend IT-sponsored events. 

Recently, the ClO decided to give IT personnel a 
denim shirt with a newly developed IT logo. “We were 
going to put a little ‘Genzyme’ on some and ‘Siemens’ 
on the others, but the ClO said, ‘No, everybody is IT,"” 
Moran recalls. 

“We will trust them to perform just like everybody in 
the organization,” she says. “We don’t hold things back.” 
It seems to be working. When the group started the 
engagement three years ago, it had a customer satisfac- 

tion rating of 3.8 on a scale of 5. Today, it’s more than 
4.4. “| know it's business, but they do an awful lot for us 
because we have a good relationship,” Moran says. “If 
we didn’t, would they go that extra mile?” 

~- Kathleen Melymuka 
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budgets, timelines and project leads on conference 


| room whiteboards; or data left carelessly on a desk- 


top or even on a PC screen. 

An unscrupulous vendor could even nose around 
after everyone has left for the day. “Many of our peo- 
ple came from that side, and we know that this hap- 
pens,” Bode says. 

Vendors disagree. “This is the first I’ve heard of 
this tactic by any vendor,” says Jonathan Thompson, 
a spokesman for the Software & Information Indus- 


| try Association in Washington. “I find it hard to be- 


lieve that a supplier company would risk losing the 
client’s loyalty and continued support through unsa- 
vory tactics.” 

Bode stresses that he’s not questioning the ethics 
of the industry. “We don’t think all vendors are un- 
scrupulous,” he says, “but information is power, and 
we want a fair deal.” 

Ethical or not, vendors ought to be treated with 
care, says Gopal K. Kapur, president of the Center for 
Project Management, a consulting firm in San Ra- 
mon, Calif. 

“When people walk around, they listen and see 
and learn, and they’re going to use it,” Kapur says. 

But there are undeniable benefits from giving on- 
site vendors access. “If they’re doing tech services 
like a help desk inside IT, that’s enabling to the busi- 
ness,” says the Concours Group’s Shimberg. “You 


| need to integrate the help desk process with your 
| other processes, which should also be integrated 


with the business. If you keep that at arm’s length, 


i e e . ” 
| it will feel that way to business customers as well.” D 


| Melymuka is a Computerworld contributing writer. 
ie ie 
| Contact her at kmelymuka@earthlink.net. 


THE VENDOR THAT 
KNEW TOO MUCH 


wy) Once, while working on a project for a client, 
Phil Bode’s International Computer Negotia- 
tions IT team was doing preliminary planning 
for a wide-area network. “We were trying to figure out how 
to do it,” he recalls. “There were charts up on the wall.” 

An employee of the company’s long-distance carrier 
who had access to the facility came in and saw the charts. 
“He knew the timeline, and he got a pretty good idea of 
the budget from talking to people,” Bode says. With this 
information, the vendor put together a proposal, and the 
sales rep approached the CIO, a golfing buddy. He talked 
the CIO into awarding his company the contract rather 
than following the request-for-proposals (RFP) process 

Inside information and a too-friendly relationship with 
the CIO enabled the vendor to circumvent and control 
the customer's procurement process, and things went 
downhill from there. Because there was no RFP, the 
project requirements were never nailed down properly. 
Because multiple bidders weren't heard from, no new 
ideas or approaches were considered, and there was no 
competition over price. “It was over time and over bud- 
get, and we wound up spending more in service charges 
each month than we thought we would,” Bode recalls. “It 
was one of the worst projects | ever saw.” 

- Kathleen Melymuka 
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FINDING A HAPPY MEDIUM 


The key is to find a balance in building a relationship 
with a vendor, says Tony Romero, CIO at Mitsubishi 
Motor Sales of America Inc. in Cypress, Calif. “We 
make our vendors part of the project team,” he says. 
“We give them access to whatever they need to do the 
project - not access to the whole world, but access.” 

That means they attend project meetings, work side 
by side with Mitsubishi people and sometimes even 
have desks. But their access to the building is restrict- 
ed to certain areas, and security personnel know 
when they come and go. Their access to systems is 
also limited. “They get access only to what they need 
to do a project,” Romero explains. “They might have 
access to one specific server or to one specific appli- 
cation on a server.” 

Romero's IT staffers also make a distinction. “Our 
people are very careful about talking with vendors,” he 
says. “They treat them as team members, but they re- 
member they are still vendors.” 

Romero's approach shows that managing vendors 
on-site isn’t rocket science, but it does require some 
thought, which isn’t always a given. “The majority of 
companies don't even think about what access should 
be given,” says Gopal K. Kapur, president of the Cen- 
ter for Project Management. 

A good time to think about it is while negotiating the 
contract with the vendor, says Genzyme's director of 
IT client services, Mimi Moran. As you discuss in detail 
what vendors will do, you can also define the access 
they will need. Larry Graham, a vice president at Ino- 
vant, suggests asking a simple guiding question about 
vendor access, such as, Why do you need that? 

Dave Weidenfeld, managing counsel for McDonald's, 
says his compariy sometimes goes a step further to al- 
lay suspicion that a vendor is feathering its nest. “We 
have a contract that effectively says while they're here, 
they cannot solicit new business” with us, he says. 

But vendor access is only half the issue. “Compa- 
nies need to orient their own team members on secu- 
rity,” Kapur says. For example, what type of meeting 
do you invite vendors to attend? Who gets to sit in on 
budget meetings in which you discuss next year’s 
plans? Do your employees leave sensitive information 
on their desks or accessible on their PCs? Does your 
ClO know what not to talk about when meeting with a 
vendor exec? “A vendor may simply ask, ‘What are 
your plans for next year?’ and if someone blurts it out, 
it's gone,” Kapur says 

Kapur also includes a security protocol item in 
every project charter. That makes it a point of discus- 
sion and forces the team to think about it before the 
project begins. “You don’t get people in a plane and do 
security checks at 30,000 feet,” he says. “You do it 


before you take off.” 

% We make our vendors 
part of the project 

team. We give them access 

to whatever they need to do 

the project - not access to 

the whole world, but access. 


TONY ROMERO, C/O, MITSUBISHI MOTOR SALES 
OF AMERICA INC 


- Kathleen Melymuka 





Look Here First 
To Find Vendors _ 
Fast. . 


Now there’s one convenient place where 
you can go to quickly find the vendors 
you need to do your job — 
computerworld.com/bg. sre a ener 0 
This comprehensive online directory 

makes it easy to identify all the players souser [ Coatad 0Asns surere OS® 
that are doing cutting-edge work in secu- : 

rity, storage, supply chain, CRM, ERP, 

mobile/wireless, networking and more. 


So no matter what technology challenge 
you’re facing, you'll be able to locate the 
vendors that can help you face it. 
Computerworld’s Buyer’s Guides deliver 
them all: Vendors that can plan IT, 
implement IT, test IT, support IT. 
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OCKET COMPUTERS INC. recently 

helped a beer distributor integrate 

handheld computers into a customized 

back-office system so that salespeople 

on the road could log orders into 
servers at the main office. 

As Rocket Computers’ consultants put together 
the numbers, they tried to consider everything that 
would go into the client’s budget. They analyzed the 
costs of different handheld models, monthly service 
fees, modems, servers, software and training — and 
found that the smallest details add up fast. 

“When you're looking at a project driven by a 
$2,300 PalmPilot device ... if we get a hundred of 
them, now we're looking at a quarter-million dollars. 
But then there’s another $10,000 in cables, $5,000 in 
modems, then money for training and service,” says 
Roberto Villanueva, president of Rocket Computers 
in Swampscott, Mass. “Then your quarter-of-a-mil- 
lion dollars is fast approaching a half-million dollars.” 

Calculating total cost of ownership (TCO) is rarely 
a straightforward task, regardless of the technology 
involved. But figuring TCO for desktops has become 
particularly tricky in recent years, as systems have 
evolved to include much more than PCs. Now IT 
departments must figure in costs associated with 
laptops, personal digital assistants (PDA), cell 
phones and wireless service connections. 

“Just trying to determine what goes into a total 
cost of ownership can have you banging your head 
against the wall. Everybody has a different opinion 
about what [a desktop system] is,” says Charles Rus- 


| SRE eeatmesemarcinmmannarein: 
Adding It Up 


LAPTOP 
$2,200 
$12,300 $1,369 


3-4 YRS. 24M0S. 18MOS. 


/ ' 
BASE: AVERAGE OF 100! ! BASE: AVERAGE OF 100 MOBILE 
MOBILEUSERS, THREE USERS, THREE YEARS, 
YEARS, 100 LAPTOPS REPLACED TWICE 


BARTNER INC., 2002 


PDA 
$600 
$2,700 


ACQUISITION $200 


Tco 
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sell, chief of digital archives at the U.S. Army Re- 
serve in Fort McPherson, Ga. “You've got to look at a 
million different items.” 

The Reserve, Russell says, does a complete life- 
cycle cost analysis before rolling out new technology. 
That analysis covers factors ranging from the cost to 


| deploy the technology to the salaries for the contrac- 


tors who will support it. One recent analysis includ- 
ed about 120 categories that required a 38-page 
spreadsheet. 

As the old saying goes, the devil is in the details. 
That’s where companies often overlook numerous 


| small costs, such as cables, modems and training, 


that can significantly add to a desktop system’s TCO. 
“They tend to do good with the direct costs,” 

Ian Campbell, president of Nucleus Research Inc. in 

Wellesley, Mass. “It’s when it gets more intangible 


notes 





that they tend to forget about it.” 


Finding 


TheTi 


Tallying total 
desktop technology 
ownership costs 


beyond users’ PCs. 
By Mary K. Pratt 


a 





Campbell and some IT professionals put costs into 
three categories: direct, indirect and hidden. Direct 
costs include purchase, maintenance and upgrade 
costs. Indirect costs include the added burden on IT 
to manage the technology and the incremental costs 
associated with employees learning to use new tools. 
Hidden costs consist of things like added insurance 
costs and the time the accounting department needs 
to capitalize and depreciate the new technology. 

“Most companies tend to miss those indirect costs, 
and the vast majority of companies miss those hid- 
den costs,” Campbell says. 

Experts say the best way to start calculating TCO 
is to analyze your company’s true needs. Workers to- 
day are requesting all sorts of technology, claiming 
that it can help them do their jobs. But you have to 
ask: Will it really help people work faster or better? 

Many CIOs and chief financial officers have failed 
to take this initial step, according to Phillip Redman, 


| an analyst at Stamford, Conn.-based Gartner Inc. He 


says there has been a disconnect between what em- 
ployees want, what they need and what IT people are 
offering. But that’s beginning to change as employees 
introduce their own mobile devices into the work- 
place as a way to synchronize e-mail, calendars and 
contact management. 

“Most companies today are in the evaluation 
stage,” Redman says. They realize that they need to 


| provide the support, integration and technology nec- 


essary for these “toys” to become corporate tools. 


One Piece at a Time 

Redman recommends evaluating a desktop system’s 
individual pieces — the cell phones, communicators 
and integrated PDAs — to calculate TCO. Look at 
each component separately. If you try to assess the 
entire system at once, there would be too many dif- 
ferent combinations to consider accurately. 

“There’s no way to look at everything as a whole, 
as one,” he says. 

But Redman and other experts emphasize that the 
components shouldn't be viewed as stand-alone 
tools. Even if companies calculate the TCO for each 
component, they should consider, for example, how 
a salesperson in the field will use a handheld device, 
how the data will be transferred to the main network 
and how it can be accessed from desktop PCs. 

But it’s tough on IT departments that don’t have 
control over the separate pieces of the desktop puz- 
zle even though they’re frequently called upon to 
support those pieces. 

“Many times, the handhelds are entering the orga- 
nization from the user’s end; they buy it themselves 
and use it for accessing e-mail or company data,” 
says Kevin Byrd, senior director of product market- 

ing at JP Mobile Inc., a software de- 
veloper in Dallas. 
As a result, users with vari- 
ous devices are asking IT de- 
partments for support and 
special configurations. 
These demands often cre- 
ate all sorts of stealth costs 
— from staff time to new 
software requirements. Sys- 
tems that are built up in such 
a scattered fashion rarely make 
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financial sense or have accurate costs attached to 
them, experts say. 

“That’s where you get extremely high costs of 
ownership for handhelds,” whether they’re note- 
books, PalmPilots or Pocket PCs, Byrd says. IT staffs 
that implement central control for desktop system 
peripherals can save a lot 


Standardization Debate 

Bill Cook, CIO at the Clovis Unified School District 
in Clovis, Calif., oversees a network of 10,000 com- 
puters, including 3,000 to 4,000 student-owned com- 
puters, and a $2 million annual IT budget. Laptops 
are already part of the district’s desktop system, and 
Cook is analyzing the benefits of handhelds in pro- 
viding anytime access to student information. 

The first step to reducing costs, Cook says, is stan- 
dardizing hardware. “Together, they are a nightmare 
in terms of support costs. It really does make a differ- 
ence to get one-stop shopping,” The district 
uses IBM hardware. 

Support costs are higher and compatibility issues 
are more time-consuming with hodgepodge systems, 
says Cook. 

“With a hardware and vendor standard, you have 
less finger-pointing and more action,” he says. 

Many companies buy desktop PCs from a single 
vendor, analysts say, so it makes sense to follow this 
practice for mobile devices as well. 

However, Campbell says, companies shouldn’t al- 
ways standardize. BlackBerry devices work well for 
sales reps who need e-mail, he says, but they won’t 
work as well for maintenance workers who need 
access to manufacturing systems. Those workers 
would be better served by Palm OS-based devices. 

In short, says Byrd, companies should aim for a 
centralized system that gives the IT department con- 
trol and is flexible enough to accommodate different 
devices and expansion into other applications. 


he says. 


Other factors to consider include how many work- 
ers need mobile devices, how much training they 
need and how data will be backed up — all of which 
translate into dollar amounts. 

Some industry analysts put the TCO of a PDA, in- 
cluding the cost of providing support, network con- 
nectivity, replacement units, training and software, at 
$2,500 to $4,400 per year. They peg the TCO for a 
desktop PC, including everything from hardware to 
downtime, at $11,000 to $12,000. Some say companies 
can add those numbers to calculate the per-user cost 
for workers who use both technologies, a practice 
called “business provisioning.” 


New and improved isn’t necessarily better. But then 
PUP Meee aes mre mel 
scenario applies when it-comes to going mobile? 
Analysts and IT professionals offer the following tips 
to those considering investing in mobile technology. 


EYES Ue hi) 
assistant who works at the same office every day 
probably doesn’t need a PDA, but an admissions re- 


| 
| 
| 
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MANAGEMENT 


TCO Without 
ROI Is Like Cake 
Without Icing 


TLL Sf whon companies plan tort ot new 


when companies plan to roll out new 

technology, analysts say that execu- 
tives also need to consider return on investment. Looking 
only at today’s costs of desktop systems cou'd cheat com- 
panies out of future savings. 

Striking a balance between immediate costs and long- 
term savings isn’t easy. That's due in part to the nature of 
ROI, which includes gains that can be hard to quantify, 
such as increased productivity and less downtime. 

But there are some trends to think about when weigh- 
ing TCO and ROI. 

Bottom-line numbers are crucial for a company to see, 
particularly now, says Richard Cheston, director of sys- 
tems management at IBM’s PC division. “Productivity 
gains are just a tiebreaker. If you can't significantly show 


“You just add that on per user, per year. That’s why 
we calculate TCOs individually,” Redman says. 

However, he and other experts point out that there 
will be overlaps, such as a shared server, that can af- 
fect the final numbers. 

“When the PC was introduced, it really was an in- 
dividualized tool. Now the PC is part of a much larg- 


| er information system; that’s why break- 


| Ontario-based supplier of collaboration 
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cost reduction, productivity improvements won't get a 
company to roil out [new technology],” he says, especially 
it the technology isn't mission-critical. 

On the other hand, some companies can easily quantify 
ROI based on productivity gains. 

Kevin Byrd, senior director of product marketing at JP 
Mobile, cites one company that deployed handhelds for 
100 salespeople and saw an average 15% revenue in- 
crease for each sales representative. (The company won't 
disclose the cost of the rollout.) 

Charles Russell, the U.S. Army Reserve's chief of digital 
archives, has even more impressive figures to show for the 
Army Knowledge Online portal. An investment that cost 
about $100 million, the year-old portal has allowed better 
integration of office PCs, home computers and laptops. 

The savings that resulted from a decrease in downtime, 
a reduction in equipment purchases and improvements in 
productivity have been staggering, Russell says. Prelimi- 
nary numbers show the Reserve saving about $20 million 
over two years. That kind of figure, Russell notes, is hard 
to ignore when looking at TCO. 

~- Mary K. Pratt 


obvious. The work that Rocket Computers did for 
the beer distributor is a good example: In addition to 
accounting for the company’s direct costs for new 
Symbol Technologies Inc. handhelds and the sup- 
porting infrastructure — a communications server, 
modems and wiring — Villanueva analyzed whether 
a handheld that needed to be plugged 
phone was cheaper than the wireless 


into a cell 


ing out the total cost of ownership for a 
desktop system is a tricky proposition. 
It’s only one element of the system,” says 
Anik Ganguly, executive vice president of 
products at Open Text Corp., a Waterloo, 
and knowledge management software. © QuickLink 
Analysts say any calculation of a desk- 
top system’s TCO should include capital 
costs, such as hardware, software, configuration and 
training. It should also take into account operational 


| and administration costs, such as the additional ac- 
; counting associated with paying monthly fees for 


mobile services. Finally, it should incorporate end- 


| user expenses, including the cost of diminished pro- 


ductivity caused by workers fiddling with their high- 
tech devices. 
The numbers used to calculate TCO go beyond the 


cruiter who travels around the country would proba- 
VAC a MMe Re Muelle 


OMAGH) 
re UCM MCR MUM LCM lOR Ul mtg 
How long are they out? 


x Det male i 
mation do they need? What applications will they 
need? And how often will they need these items? 


COUNTING COSTS 


Security measures that don't 
apply to PCs should be 

ad as extra 

alculating the TCO of 


desktop systems 


www.computerworld.com 


Symbol model. 

After crunching the numbers, the com- 
pany decided to go with 25 handhelds that 
needed to be plugged into phones. If the 
distributor had chosen the wireless mod- 
el, it would have had to pay $12,500 more 
for the handhelds upfront, plus hundreds, 
maybe even thousands, of dollars a month 
for transmissions via Cellular Data Packet 
Transmission networks — a variable cost that Villa- 
nueva says had the potential to be a “runaway train.” 

In the end, companies will find that TCO is the 
sum of fixed, variable and semivariable costs. 

“A solution is all about looking at hardware, soft- 
ware and services,” Redman says, “and how they 
connect together so they succeed.” D 


a 


33971 


Pratt is a freelance writer in the Boston area. 
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with any new technology - in a pilot program. 
The final word on whether to 
invest in mobile technology should come from users, 
department leaders andthe IT staff together. 





Dell server consolidation. 


Saves money. Saves space. 


Spells doom for your old servers. 





Dell | Enterprise 


Consolidate with Dell and you'll need to find a new use for your old servers 
What kind of server consolidation solutions does Dell bring to your enterprise? Just what you'd expect: A legendary focus on you, the 
customer, that's as relentless as our focus on driving down costs. An end-to-end solution that saves you money today and tomorrow 


by delivering 


Maximum flexibility, manageability, value and price/performance. Our new line of PowerEdge” servers, powered by 
Intel® Xeon® processors, that consistently rank at the top of industry benchmarks such as TPC” Collectively lowering TCO 


and accelerating time to ROI 


Optimized uptime/maximized investmert. Dell's new systems management solutions deploy software, tools and services 


which simplify and automate server systems administration. Leveraging your IT resources and maximizing your IT dollar 


Server infrastructure consolidation services. Our comprehensive portfolio includes consolidation readiness assessment 


consolidation design and transformation, customer training and certification, deployment and high availability support services 


Flexible financing alternatives. Del! gives you a variety of financing avenues designed to help you optimize RO! 


For nearly 20 years, we've revolutionized the way the world buys and manages technology. Now find 
4 att out how Dell's direct approach can revolutionize your server consolidation. To learn more about the Dell RO! 


By \ test, visit www.dell.com/serverROI or call us toll-free at 1-877-434-DELL 


Flexible solutions that can cut costs today and tomorrow. Easy as DGLL 


Call 1-877-434-DELL or visit www.dell.com/serverROI 
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John Hagel Ili 


In an interview 
with Computer- 
world’s Thomas 
Hoffman, the con- 
sultant and co- 
author of Out of 
the Box: Strate- 
gies for Achieving 
Profits Today & 


Growth Tomorrow | 
Through Web Ser- | 


vices (Harvard Business School 


Press, Oct. 2002) offers tips to IT 


managers experimenting with the 
nascent set of technologies and 
standards. 


eeereeesecee 


What are some of the misconcep- | 


tions about Web services? In truth, 
much of what's being done today is 
connecting mundane legacy applica- 
tions with each other. It's not that ex- 
citing; it’s basic plumbing activity. The 
real business value in the near term is 
around connecting existing applica- 
tions. A second [assumption] is that 
the initial integration will occur within 
the firewall. But the early work being 
done is at the edge of the enterprise, 
such as connecting procurement and 
sales processes with other activities. 


Who are the early adopters? I'm 


| 





seeing two parallel paths. One is within | 


the IT department, where there are 
early adoption efforts to see how it 
works and how it can help integrate 
systems. The other is coming from the 
business side, where executives are 
faced with having to reduce capital 
budgets by 25% to 30%, and they're 
looking at Web services as one way of 
doing that. To date, there’s been more 
focus by business than by IT. 


What is the potential impact of 
business-driven Web services on 
ClOs and IT managers? ClOs have 
become very risk-averse, in part be- 
cause of a backlash that returns on 
technology investments weren't there 
over the past five to 10 years. Also, 
ClOs are facing shortening tenures. 
They tend to get fired with alarming 
frequency because [IT projects] tend 
to blow up. The best way to not have 
things blow up is to not put new things 
into the mix. There’s a challenge for 
ClOs to move to being focused on how 
technology can help these major busi- 
ness initiatives. B 
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A Squeezed Supplier 


Never Forgets 


NYONE CAN CUT SUPPLIER COSTS in 

a buyer’s market. Hard negotiations that 

include pressuring for significant price 

concessions are expected. Many hungry 

suppliers will give in to your demands for 
lower prices, figuring that some work is better than 
none. But you should avoid unethical methods that 
leave your suppliers angry and waiting for revenge. 


Things have already 

turned ugly. IT contractors 
on a job in Boston were 
told they had to work over- 
time but couldn’t put the 
extra hours on their time- 
cards. Several contractors 
refused to comply and 
recorded all of their hours. 
They found their contracts 
terminated one week later, 
and the remaining contrac- 
tors got the message. 

The owner of a small 
Atlanta-based accounting 
firm signed a contract to 
perform some work for a 
Fortune 500 company. Two 
weeks later, she got a letter stating that | 
her hourly fee had been reduced by 
10%. Furthermore, the hiring company 
would be deducting an additional 5% if | 
it paid her bill within 15 days from the 
date it claimed to have received the 
bill. When she called the company to 
complain, she was told that all of its 
professional services firms were “vol- 
untarily” reducing their fees, and she 
could take it or leave it. 

In both cases, the rules were changed 
unilaterally, after the contracts were 
signed. The suppliers continue to 
work on these jobs, but they feel... 
well, propriety prevents reprinting 
their actual words here, so “cheated” 
will have to suffice. 





The buyers could likely have gotten 


concessions from these 
suppliers by applying less 
extreme measures. At the 
very least, they could have 
chosen to exercise the stan- 
dard “30 days’ prior notice” 
clause in their contracts 
and renegotiated rates with- 
out creating an adversarial 
situation. 

Alternatively, the buyers 
could have included their 
suppliers in the search for 
a solution to cost pressures. 
Allowing the supplier the 
opportunity to recommend 
how to reduce costs may re- 
sult in a creative solution, 

and it could foster cooperation instead 


| of hard feelings. Suppliers’ suggestions 
|} may include the following: 


@ Decreasing service levels. Loosening 
guaranteed response times for non- 


| critical areas might be a fair trade-off 


for lower fees. 

® Extending contracts. Lengthening the 
contract reduces the supplier’s sales 
costs and allows better workload 
management. 

= Using commodity products. Generic 
hardware or software could be substi- 
tuted for proprietary technology. 

A supplier’s suggestions may be un- 
acceptable. But imposing Draconian 
measures without discussion will cer- 
tainly rankle the supplier. These seeds 
of resentment often result in negative 





| 


payback that could have been com- 
pletely avoided. And as we all know, 
payback is a nasty thing. 

Suppliers seeking revenge don’t nec- 
essarily need to wait for the economy 
to rebound. A supplier that’s unhappy 
about enforced price concessions will 
take the first opportunity to make up 
the difference somewhere else, and 
you may find the savings you previ- 
ously beat out of your supplier dwin- 
dling away. Suppliers can hammer you 
on change-order fees, increase their 
service charges or drop their service 
levels. Even worse, they can move key 
players around and assign the B team 
to your account. 

Adversarial business relationships 
aren’t fun or productive for either 
side. Disgruntled suppliers will leave 


| you high and dry the moment they 


find a better customer. Meanwhile, 
outside the bounds of the contract, 
you can kiss any kind of goodwill 
goodbye. And worst of all, if you 
squeeze a small supplier hard enough, 


| you might inadvertently drive it out 


of business, a scenario usually not in 
your best interests. 

Beware of unbound greed in your 
end-of-year negotiations. If your only 
purchasing skill is gouging your sup- 
plier, you may win in today’s econo- 
my, but you will lose in the long run. 
When the economy rebounds, sup- 
pliers will remember the customers 


| who treated them fairly and those who 


employed unethical tactics. Compa- 
nies that showed integrity in hard 
times will get much better supplier 
cooperation in the future. Good sup- 
plier management creates working 
relationships that produce winning 
results, regardless of the state of 
the economy. D 


WANT OUR OPINION? 


For more columns and links to our archives, go to: 
www.computerworld.com/opinions 
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SYSTEMS ANALYST IV-For co. 
specializing in mktg & mnfg of 
computer software; responsible 
for researching changes & 
enhancements to existing features, 
product instali processes, tools, 
standards & processes. This 
includes testing and verifying 
systems & database modules to 
ensure their quality & integrity. 
Train employees & customers on 
systems usage. Participate in 
process refinement & improve- 
ment. Coordinate activities of 
various depts to ensure completion 
of the project on schedule. 
Req's: B.S. or equiv. basec 
education and/or work experience. 
with concentration in Comp S 
Business or a related field 
years exp. in job offered or 5 
years technical exp. in supporting 
PC's, mainframe or web based 
environments. Profic 

Java, SQL Server, Microsoft Visual 
J++, Microsoft Visual Studio, Select 
Enterprise, Rational Clear Quest, 
Rational Clear Case, Microsoft 
Visio PVCS Defect Tracker & Test 
Director. 40 hrs/wk. Send resume 
to Siemens Medical Solutions. 
Human Resources, 51 Valley 
Stream Pkwy., Malvern, PA 19355, 
FAX: 610-219-8266, e-mail 
human.resources @ smed.com 


EOE/AA 


Programmer. 8a-5p; 40 hrs/wk 
Convert data from project specs. 
prep detailed workflow chart 
for input, output & logical opera 
tions, dsgn, impimt & test comp 
prgm using C, Java2, micro 
processor prgmg, networks & 
UNIX, prep tech’! documentation 
Educational req: Bach or equiv in 
Comp Sci or Engg, Info Systms. 
Electrical, Electronics or related 
fieid of Engg. 1 yr exp in job offd 
or as S/ware Engr/Systms/Prgmr 
Analyst. Resume xtger 
Infotech, Inc., 2090 Beaver Ruin 


Rd., Ste 600, Norcross GA 


ior Systems Planning 

Serve as a project/team 
leader. Evaluate systems re 
quirements and develop systerr 
configurations to ensure corporate 
objectives are met. Plan, design 
analyze, develop and implement 
computer systems. Requirements. 
Bachelor's degree” in computer 
science, MIS, engineering, applied 
science or related field plus 5 
ye: »f experience in computer 
systems development. Experience 
with Visual Basic, SQL Server 
MVS/TSO mainframe develor 
mentinterfacing with server ap 
plications also required. “Master 
degree in appropriate field w 
offset 2 years of general exper 
ence. Submit resumes to Chris 
Gibney, Federal Express Corpo 
ration, 2600 Nonconnah, Suite 
191, Memphis, TN 38132. EOE 
M/F/D/V 


S/W ENGR 

Anlyz, dsgn, dev 
mplement commer 
utilizing knowledge v 

cycle. Dev. dsgns based or 
specs yz, eval. & modify ex 
sting or proposed sys. Cc 
w/users to ensure efficient 
timely delivery of sys. BS 
Comp. Sci., Engrg., Bus 
Math plus 3 yrs exp. in either 
the position offered or as Prog. 
Analyst, Sys. Analyst or 
Cons. rqd. Must have exp 
w/Windows & MVS/ESA 5.2.2 
operating sys.; COBOL & MVS 
JCL lang.; & Oracle, DB2 & SQL 
Server RDBMS. High mobility 
preferred. 40 hrs/wk, 8 am —5 pm. 
$60,980/yr. Qualified applicants 
report/submit resume to 
Manager Westmoreland 
County CareerLink, 300 East 
Hillis Youngwood, PA 15697 
1808. Refer to Job Order WEB 
284936. 


| Sr. Software Engineer 
Design and development of re- 
ports, functional specifications 
and high level design utilizing 
BRIO. Must have Bachelors De- 
gree Computer Science or Elec 
tronics or in a related field & 3 
yrs. exp. or 3yrs. exp. in a related 
position w/ability to use: Brie Ad- 
ministrator, Brio Query Design- 
er, Brio SQR Report Builder, Brio 
One Integrator, DB2, J2EE, DB2 
SQL Server, and Cold Fusion 
Must be willing to travel and re- 
locate 
40.0 hrs./wk 8:00 AM — 6:00 PM 
$76,000/Yr 
Applicants send cover letter 
and resume to: 


400 West Lake Street 
Suite 216 
Roselle IL 60172-3572 
Attn: HR MGR 


NuTech Solutions, inc., an inter- 
national software development 
consulting company, has openings 
for Senior Software Developers 
The qualified candidate will be 
responsible for development of 
software ducts and business 
solutions for data acquisition 

ata mining, optimization and 

wiedge management, using 

computational intelligence know!l- 
edge of evolutionary algorithm. 
etc. Will utilize software expertise 
in system integration, object ori 
ented design and developmer 
and data modeling. Other tec! 
nologies that are key 
position are: Java, C++ O 
soft VisualStudio and Oracle 
Minimum requirements are 
Masters Degree in Comput 

science and four (4) years in 
design and development. Please 
submit your resume to NuTech 
Solutions, Inc., Attn: V. White 
8401 University Executive 
Charlotte, NC 2826 


maintain commercial credit card 
ordinate 


hardware and 


ADMINISTRATOF 
Bachelor's degree 
degree equivalent 
Science. i ar Engineering 
elated 
id thre 
experience in database admin 
stration using Oracle and Oracle 
DRUMS in programming 


urs: 8 amt 


t Validation Engineer. [ 
lement software for At 

ated Test & Measurement sys: 
tems to test design validation for 
Automobile Steering Columns & 
related components using Lab 
VIEW & VB for programmable 
ontroliers, PC or embedded 
controllers. Design electrical 
control systems for Test & 


Measurement applications. Rur 
component validation tests & 
prepare test result reports 
Reqd: B.S.M.E. & y's exe 
40 hrs/week, 9am-5pm. Send 
resume to J. Brigham, HR #A28 
Onsite Companies, Inc., 7301 
Parkway Drive, Hanover, MD 
21076. 


IT CAREERS 


Computer/ Info. Systerns 


INFORMATION SYSTEMS 
PROFESSIONALS 


To participate in analysis, problem 
solving, project design, technical 
implementation for major projects 
and mentor junior level consul 
tants. Participate in the timely 
and high quality delivery of prod 
uct; implementation, integratior 
design, coding, testing and doc 
umentation of custom application 
software; evaluate user requ 
ments and consult with desigr 
team to identify current procedures 
and needs; support ar ain 
end-users. Technologies/Piatiorms 
used include; UNIX, Windows 
NT, SQL Server, or Oracle u 
SQL, C/C++, Visual B: 

Cobol and oth app 
programrnunc inguages in C 
Server, Network and Mainframe 
environments. Must have a Bact 
elors degree or its equivalent 
and 2+ yrs. professional exper 
ence. Send resume t mar 
Resources, Knightsbridge Solu 
tions, 500 W. Madison Ave 
Suite 3100, Chicago, IL 60661 
EOE 


Sys/Analysts to perform embed 
ded systems prog using V 
COM, DCOM, CORBA, WAF 
de Warrior, Assemt 
guage, Linux etc f 
PCs and PDAs; develo 
base appis using Oracle, MS 
SQL, on Windows/UNIX OS; test 
and debug appis for optimal pe 
formance. Require BS or for 
equiv in S or Er 
branch) with 1 
High Salary f/t. Trave' 
Resumes to Salem 


Moines, !A 50309. 


Senior Programmer 
needed tc 
develop c 


tems, app 


engineering, science 
ematical analysis, us' 
lowing hardware/software 
3090, COBOL, IMS (DE 


JCL and others. 40 hrs/wk. 8ar 


| apply knowledge 


vanage 


applicati 
opment experience 


r Dublin, Ohic 


3434 Grar 
OH 43617 
pamela.sc! 
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Black Belt - GEEP IT 
Atlanta, GA 


ae GE Power Systems is the world’s leading supplier of power systems 
Who we are ; ppl I e 
annual sales of over $14 bilhon. Our 


equipment and services with glob: 
innovative team spirit and progressive challenges have made GE Power 


Systems an environment offering exceptional opportunities. 


Who we seek The Black Belt will lead the implementation of medium large sized IT 

projects including the creation of a data wa Parts business t 
streamline siness reporting, on-time and under bu t neet 
customer nents and milestones; w th fur nal and 


technical teams to select vendors for sbust reportin 


environment for Parts and impler lution »llaborate with GE 
Energy Services and Power Systems Shared Services to leverage their 
Centers of Excellence to help execute hases of the application 
development life cycle for the data warehouse project; partner with the 
business quality resources to build quality capable processes for business 


listributing Parts-IT contract 


reporting and for selecting, managing & « 
resources using quality improvement tools ntegrate quality 
programs to create a seamless interface t tomer by facil 
»ptimum system / application perforn 
any/all digitization opportunities and 


intelligence solutions 


The Black Belt will possess a BS 
Science, Engineering or equivalent plus tun 
1 


experience implementing IT 
the ability to manage multiple ty unprovement tools. 


ing situational leadership; anc isk mitigating skills. Stror 


8 


personal, presentation, ¢ nication yanization and 


tative /analytical skills are required 


’ competitive salary, an outstanding benefits package and the 
How to apply oe gee F eg 

. professional advantages of an environment that supports your development 
and recognizes your achievements. To apply, please send your resume. 
referencing code GEPS/286963/AN030, to: opportunities@gecareers.com 


We are an Equal Opportunity Em; 


& 


IT BUSINESS ANALYST Ili c utions, Inc., an inter 

n oftware development 

five team me: ADT Sec J company, has an 
must be completed on an immediate opening ir pening for the position of Vice 
Boca Raton, Florida office for ar President of Products. The qual 
T Business Anaiyst I!! fied andidate will lead the 


y Services. 


budget and to quality 
Duties include setting 
aging goals and priorities bIgn, Gevelopm 
0 guidance. Make Responsible for : ee eee 
principles 


ents and staff. Manage cor and for develo 
Gflectively and perform 1 specifications t 
slopment staff to addre 
sales and velopment sta! ads 
with esti eeds 
and costs 
Must possess 
ess rement i 
legree 
elop accur viable : * . 
P computer Scier 
Eva . ated fi 
juct = 
: 4 Managemer 
ews for tearn members. Manager/Leac 
rements 
with decisior 


multi-tier cc 
or multi-system strategies 


rocesses and strate on 
5. Minimum re 


nts are a Masters Degree 


yuter Science and four 


rver, Sybase 
f progres: Obje 
4) years development expenence 

Jesigning sy Ss that apply 

nputationai intelligence prin 


ples to the 


> experience in the jot UNIX and V 


project management 
ftware dev ant Resume anc 
ants must have unrestricted reflect each imization of 
rization to work in th ted and specify r r 5 r roblems. Must be fluent 
TBA/RJ or it ber c Nn state-of-the art computational 
igence area and technologies 
it your resume to 


rsity Execu 


Analyst: Various 

support company's 

F — 3A. Analyze, design 
(LAN), wide 


WA a 2-engineer, and imple 
network (WAN), & Internet airline telecom PROSr, SNS ENG 


n. Maintain network hard: 


. services company. De 
software. Monitor/ Maintair pany 


al software appli 


= 1: BS in Comp 
rk, Supervise network sup tical skills & experience 


& client server specialists. Science, Engineering, or related 
0 iON Send resume 
coordinate & implement position. Send resume 
” field,and 2 yrs in job offered, or 2 
netv curity measures. Req. ce 
work security measures. Req Natasha Lyttle, SITA INC, 310¢ 


Master's Deg. in info. systems + y 


ts as a Software Consultant 


1 yr. exp. in job off. Resume tc Cumberland Bivd., Ste Resumes to: Infogiaze Systems. 


chant Investment, 1120 


Atlanta, GA 30339. SITA INC 375 Central Ave, S 


96, Riverside 
wers Ferry Rd. Marietta, GA — 


30067 an Equal Opportunity Employer. CA 92507 
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iDial Networks, Inc. a Telecom- 
munication Services company 
based in The Woodlands, TX re- 
quires 


Vice President for 
Retail Sales & Marketing 


To develop sales strategies to 
market virtual phone cards and 
virtual phone accounts nation 
wide as well as overseas. imple 
ment Agent Program and estab- 
lish — distributior channels 
Manage sales team. Negotiate 
rates with international carriers 
from Europe and Asia. Needs a 
Masters degree in Economics or 
relevant field and 4 years rele. 
vant experience in managing 
and marketing pc based 
telecommunication systems 


Senior Manager Control Center 
& Web Operations 


To be responsible for all e-com- 
merce operations and to manage 
and develop the main switching 
systems for web based call trig- 
gering telephony projects based 
on Dialogic and Windows 2000 
platforms and Cisco networking, 
Knowledge of Dialogic platforms 
based on E1 Signaling method 
ology used in South East Asia 
and Cisco networking is essential 
Needs a Bachelors in Electrical 
& Electronics Engineering and 5 
years relevant experience in pc 
based switching systems 


Database Administrator II. Per 
form maintenance & backup 
functions Oracle d/base 
Reso| issues of moderate 
scope by reviewing & analyzing 
identi le factors. Refer more 
complex issues to senior staff 
Collaborate w/end users by con- 
ducting needs analysis. Dvip & 
nt d/base dsgn & modeling 
ynduct testing of systms to 
ure efficiency & accuracy. 
May manage security access & 
Control to specific d/base, ensuring 
only authorized staff has access 
& updating capabilities. Collabo: 
rate w/end users in dsgng & 
generating reports & serving as 
tech'l expert. Ensure data re- 
ported is user-friendly & under- 
standable. Dvip & update docu- 
ments pertaining to systm or 
s/ware procedures, reqmts, & 
changes. B.S. in Comp. Sci. or 
related field +2 yrs exp in job offd 
or related occupation such as 
S/ware Engr or similar duties 
under different job title. 2 yrs exp 
w/Oracle d/base admin, RMAN 
Unix Shell Scripting, Humming 
Bird Exceed, IBM AIX (RS 6000 
series), & MS NT 4.0 Oracle 
Certified Prof'l certification reqd 
0 hrs/wk. $65K/yr. Must have 
f legal auth to work ir 
US. Send your resume to IA 
Workforce Center, 215 Watson 
Powell Jr. Way, Ste 100, Di 
Moines, 1A 50309-1727. Please 
ref to JO #1101637. Employer 
paid ad 


Smithfield Foods, Inc. has 
an opening for a Distribution 
Systems Analyst. The qualified 
candidate wil! ensure proper 
configuration and operation of ail 
computer related equipment used 
in the warehouse, coordinate 
system upgrades and mainte 
nance with warehouse operations, 
will analyze requirements and 
design, develop and maintain in. 
terfaces, maintain servers and 
systems reports, and support ex. 
isting systems. Responsibilities 
will also encompass development 
and implementation of new and 
existing applications and data 
conversion processes. Minimum 
requirements are a Bachelors 
Degree in Computer Science 
and 2 years of experience in 
systems analysis, program desion 
and development, applications 
implementation and support or 4 
years of professional experience 
in systems analysis, program 
design and development, app'i- 
cations implementation and 
support. Submit resume to 
Smithfield Packing, Inc., Attn 
Human Resources, 200 Com: 
merce Street, Smithfield, VA 
23430 


Sr. Database Developer - Design 
implement databases on SQL 
Server 2000; Knowledge of object 
oriented database design a 
must; Write Transact-SQL & DTS 
scripts to Port database objects 
Write triggers/ stored proc. in 
Transact-SQL; Understand b/z 
process. / translate req. to SQL 
interactions with databases; Un. 
derstand LDAP database structure 
& write queries to transform it to 
anormalized database structure 
Write WSH scripts to import IIS 
logs to Webtrends; knowledge of 
Webtrends Database Structure: 
Must have worked on SQL 2000 
SQL-XML functionality; Familiar 
with Full Text Searching/ MS 
indexing Service; develop in- 
house applications (ASP, COM 
Javascript) for user interfaces: 
conversant with Rational Rose 
Data Model; Experience on 
Rational Unified Process a must 
BS in Comp. Sci. + 3 yrs. exp 
(Software Dev., & SQL Server 
Database Design & Admin.) + 
Microsoft Certificate in SQL 
Server. Apply to Firstdoor 1425 
Elisworth Industrial Drive, # 31 
Atianta, GA 30318 with proof of 
work authorization 


ALGORITHMS ENGINEER 
Millimetrix Broadband Networks. 
a leading provider of broadband 
wireless technology, seeks qual: 
ified applicants for the position of 
Algorithms Engineer. Will perform 
specialized research for new mil- 
limeter wave products (18 to 38 
GHz), including theoretical mod- 
eling and simulations for High 
Gain Channel Coding, Cross Polar 
Interference Cancellation, Syn- 
chronization and Phase Locked 
Loops. Will provide technical 
support for existing products and 
product upgrades. Requres MS 
in Elect.Eng. and 4+ years expe- 
rience in research and develop- 
ment for broadband applications 
(physical layer). Should have 
expertise in Linux-C++ and Mat 
lab. Send resume, referencing 
job code 7-02, to: Millimetrix 
atin: Director of HR, 2325 Dulles 
Corner Bivd. #470. Herndon, VA 
20171; fax: (703) 871-7302; or 
e-mail: hr_us @ millimetrix.com 
EOE 


Programmer Analyst wanted tc 
research, design, and develop 
computer software systems, ap- 
plying principles and techniques 
of computer science, engineering, 
science, and mathematical analy- 
sis, using the following operating 
systems: MS-DOS, Windows. 
UNIX, and the following computer 
languages: COBOL, DB2, IMS. 
CICS; Modify system to address 
any concerns by client and doc 
ument and test system. 40 hrs 
week. 8am to 5pm. $ 59,448 
year. Must possess Bachelor's 
Degree in Engineering or Com 
puter Science and six months 
of training in multi-user pro 
gramming. Employer Paid Ad 
Please send resumes to MCDC 
ESA, P.O. Box 11170, Detroit 
MI 48202-1170. Reference No 
202226 


Western Union, a Division of 
First Data Corporation, a co. in 
Greenwood Village, CO special- 
izing in e-commerce transaction 
Payment services, has an opening 
for a Sr. Application Architect to 

ork in Montvale, NJ & other 
unanticipated job sites in the 
U.S. Analyze complex internal 
business functions and processes 
to design, develop, code and im- 
plement financial software appli- 
cations. Requires bachelors 
degree in computer science; 2 
yrs. @xp. as a project manager or 
leader; working knowledge of 
TANDEM K and S Series hard- 
ware and Guardian 90 operating 
system. Respond by resume to 
Norm Barnett, First Data Corpo- 
ration, 6200 S. Quebec St 
Greenwood Village, CO 80111 
and refer to job #3368NA. 


BRO. eS 


SOFTWARE CONSULTANT 
Analyze & evaluate existing or 
proposed software systems. Dsgn. 
dip, impimnt & improve programs, 
systems & related procedures to 
process data using in-depth 

nowledge of the software 
dvipmnt life cycle & C/C++ pro 
gramming languages. Encode. 
test, debug & install operating 
programs & other system software 
utilizing exp. with Inges & SQL 
server. Bachelor's (or equiv.) in 
Comp. Sci., Math, Bus. or Engnrng 
+2 yrs exp. in position offered or 
as a Programmer Analyst, Software 
Engineer or Systems Analyst 
reqd. Exp. must include: (a) C or 
C++ programming languages; and 
(b) Ingres or SQL server. ge 
ae preferred. 40 hrs/wk, OT 
as reqd, 8 am - 5 pm, $61,000/yr 
Qualified applicants please submit 
resume to Manager, Washington 
County Team PA CareerLink. 
Millcraft Center, Suite 150LL, 90 
West Chestnut Street, Washington, 
PA 15301-4517. Please refer to 
Job Order No. WEB 279724 


SOFTWARE CONSULTANT 
Analyze & evaluate existing or 
proposed software systems. Dsgn 
dvip, impimnt & improve programs. 
systems & related procedures to 

rocess data using in-depth know- 
ledge of the software dvipmnt life 

cycle. Encodes, tests, debugs & 
installs operating proprasns & 
other system software utilizing IBM 
operating systems, CICS/COBOL 
lanquages & DB2. Bachelor's (or 
equiv.) in Comp. Sci., Math, Bus. 
Engnrng or Comp. Info. Sys. + 2 
y*s exp. in position offered or as 
a Programmer Analyst, Software 
Engineer or Systems Analyst 
reqd. Exp. must include @ IBM 
operating sys., (b) CICS & SOBOL 
lanquages, and (c) DB2 database. 
High mobility preferred. 40 hrs 
wk, OT as reqd, 8 am - 5 pm 
$61 ,000/yr. Qualified applicants 
please submit resume to Manag- 
er, Washington County Team PA 
CareerLink, Milicraft Center, Suite 
150LL, 90 West Chestnut Street 
Washington, PA 15301-4517 
Please refer to Job Order No. 
WEB280334 


Software Engineer - Orefield, PA 
Require experience in design 
and development of applications 
using VisionPlus, COGEN 
COBOL, CICS, VSAM and JCL 
Relocation within USA possible 
Attractive compensation pack 

Send resume to Mahalingam N 
Narayanan, Gurus !T Services. 
1117 Linden Hollow Lane. 
Orefield, PA 18069. Email resume 


to : resume @gurusit.com 


Java Programmer 

Design, development, & testing 
of GUI screens, using Java 
Mysql, JDBC. Raise & resolve is 
sues by working w/team mem 
bers. M.S. in CS or rel. w/abil. to 
use Java Mysql JDBC 
PL/SQL, VBScript, HTML, JSP, 
CGI, LINUX, Informix, Oracle 
40.0 hr/wk. 9-5 Send resume to 
Mr. Ray Little, Vice President 
MediSYS, 7201 Halcyon Summit 
Dr., Montgomery, AL 36117 


Senior Analyst needed w/exp to 
analyze,design,develop, test & 
support software applications 
using Clarify, Oracle, Tuxedo, 
Visual Basic, Windows, AS/400 
RPG/400, CL/400; Actuate & 
Impromptu. Implement software 
applications on Windows opera: 
tions systems & AS/400 operat 
ing systems. Send resumes 
to: informationtechnology @ 


konica.com 


Software Design Engineer, Cary, 
NC: Perform s/ware requirements 
analysis, review, design, impie- 
mentation & testing for electronic 
laboratory test equipment. Develop 
instrument monitoring & control 
s/ware on Windows NT using 
Visual C++, MFC, COM, DCOM 
ATL, OLE-DB, ODBC, SQL 
Server, MS Access, RS232 
TCP/IP. Perform GUI & RDBMS 
design. Maintain firmware in 
Assembler, C & VHDL for Intel 
8051 series. Evaluate interfaces 
betw. h/ware & s/ware. Assist 
w/hware design analysis. Manage 
version control of software. Req 
Bachelors in Electronic Engi- 
neering/Computer Science + 
5 yrs in job or as Software 
Engineer-Electronic Systems 
design. Mail resume to: HR 
Varian, inc. 13000 Weston 
Pkwy, Cary, NC 27513 


Computer Hardware Technician 
sought by computer repair, 
upgrade and sales company in 
Lakewood, CO. install, modify, and 
make minor repairs to computer 
hardware systems and peripheral 
units including fax machines 
printers, and scanners. Provide 
technical assistance and training 
to system users. Install hardware 
and peripheral components on 
users’ premises, following design 
and installation specifications. 
Enter commands and observe 
system functions to verify correct 
system operation. Requires 4 
years of experience installing 
modifying, and repairing computer 
hardware and peripheral systems 
such as fax machines, printers 
and scanners. M-F, 8am-5pm 
$39,760/yr. Respond by resume 
to Employment Programs, PO 
Box 46547, Denver, CO 80202 
and refer to JON CO 5031401 


Software Eng. sought by Co. that 
develops comp.-based physio: 
logical systems analysis software. 
Must have Masters in Comp 
Sci., Biomed. or Elec. Engg 
Applied Math, or Num. Analysis 
+ 1 yr. exp. in building 3D comp. 
models of physiological systems. 
Req: C++, Java, comp. control 
langs. Response to H.R./J.X 
Physiome Sciences, Inc., 150 
College Rd. W., Suite 300 
Princetor NJ 08540-6604 
EOE 


COMPUTER SYSTEMS ANA 
LYST-oversee front-end systems 
design by applying knowledge of 
JAVA, accounting & database 
systems in development of app 
plications; Implement custom 
user interface. Min. req: 4 yrs 
exp. Resumes: Cautus Networks 
Corp., 1333 S. Miami Ave., Ste 


303, Miami, FL 33130 


Software E nese Nashua, NH 

h, design & dev. sone 

'S, in conjunction w/hard- 
ware prodt devpnt. Consult w 
hardware eng rs & eng staff to 
evaluate interface b/wn hardware 
& soft., & operat’ | & performance 
req'ts of overall sys. Provide tech 
guidance on client projects. Will use 
Win NT/95, 2000, PB, Sybase 
Oracle, Visual Basic, C++, UNIX 
FORTRAN, SQL Server, Visual 
Interdev, ASP, Java Script, IIS 
MTS, Access, XML, Java. Bach's in 
CS, Math, Eng or MIS plus 5yrs 
as systems analyst/prog analyst 
Will accept Mast's + 2yrs exp as a 
prog. anal/syst. anal. Req. $ 85,000 
hr, 40hrs/wk, 9:00am to 6:00pm 
Pls. send 2 copies of resume/etters 
of sppin to: Job Order # 2002- 
433, PO Box 989, Concord, NH 
03302-0989 


Sr. Systems Analyst for b/z 
analysis, software development 
using Java, Visual Basic, Java 
Script, SQL, HTML, ASP, Rational 
Rose UML, EJB, Ant, & Clear 
Case on Windows, Windows NT 
& Sun OS. Perform system inte- 
gration functions including IBM 
DB2 projects. Configure Web 
Sphere, iPianet & Siebel. Develop 
Ant Scripts for data migration 
deployment. Maintain documen- 
tation and tech. assist. /support 
BS in Electronics Engineering 
or Comp. Sci. + 3 yr. Exp. in Soft- 
ware design, development, & im- 
plement. for b/z apps. + Sun or 
Microsoft Certificate in Program- 
ming. Comp. Salary. Apply: Net- 
serv, 6580 Jimmy Carter Bivd 
Norcross, GA 30071 with work 
authzn. proof 


MindTree Consulting, an expand- 
ing IT consulting company offering 
product realization services to 
Internet infrastructure and device 
vendors, is searching for qualified 
IT professionals to join its grow- 
ing team. Presently, we have 
positions for Network Adminis- 
trators and Software Consultants 
Experience with Cisco Router, 
Compag servers, Implemented 
Checkpoint network security fire- 
walls, Rational Rose, iPlanet 
Webserver, Sun Microsystem's 
J2EE architecture desired. Qual 
ified applicants will have a bach- 
elor's degree in a relevant field 
and qualifying industry experi- 
ence. Positions may require 
relocation to various client sites 
throughout the United States. 
Qualified applicants submit 
resumes to HR Department, The 
Tower at 270 Davidson Avenue. 
Suite 305, Somerset, NJ 08873. 


Oracle Developer/Database Ad- 
ministrator-IT Co. in Lawrence- 
ville, NJ needs Database Ad: 
ministrator to dsgn d/base 
models using Designer 2000 
Erwin Tools, write d/base creation 
scripts & perform d/base admin 
maintenance & monitoring. Will 
also build & maintain critical 
feeder process for d/bases & 
write high level dsgn & low level 
dsgn documents. BS in Elec- 
tronics or Comp Engg w/3yrs 
exp reqd. Prevailing wage, 
9a-5p. M-F. Contact HR Dept at 
609-912-0666 or fax resume to 
609-912-0605. 


PROG. ANALYST 
Hexaware Technologies, Inc. is 
currently seeking a Programmer 
Analyst who holds at least a B.S. 
in Comp. Sci., Engrg., Business 
or Math & has one yr. exp. as a 
Prog. Analyst, S/W Engr, S/W 
Consultant or Sys. Analyst. Must 
have exp. w/Live Commerce 3.0 
Gentran Server, EDI (ANSI & 
EDIFACT), UNIX & SQL Server 
Must also hold Microsoft Visual 
Basic certification. Resume only 
to: Rajendran Ravindran, Director 
HR, 4343 Commerce Ct., Ste 
618, Lisle, IL 60532 


K Kama Consulting Inc. 


TOP $$'s, W2 or 1 


We are a fast growing 
Consulting company based 
in New Jersey. 
Excellent opportunities for 
Programmers 
Systems Analysts, DBAs 


Sun Solaris System Admins, 
Natural, Powerbuiider, 
ADABAS, ORACLE, SYBASE, 
PROGRESS, COBOL 
TCPAP, Deiphi/VB, Windows NT 


Send your resume to 
Rod McFadden 
Kama Consulting 
Fax:201-934-7166 
Email:Kamaco@ aol.com 


Computerworld + InfoWorld * Network World + November 11, 2002 


S/W Engineers to analyze, design, 
develop and implement CRM, 
client/server, web applis using 
Java, Clarify suite, VB, PB, 
Sybase, Oracle, PL/SQL, MS 
Access on Windows, Unix, Sun 
Solaris OS; interact with users, 
obtain user requirements, conduct 
system analysis, performance 
tuning; test and troubleshoot project 
applis; train end users/team 
members. Require: MS or foreign 
equiv in CS/Engg (any branch) 
with 1 yr exp in IT. Competitive 
salary, ft. Travel involved. Resume 
to: HR, ABZ Consulting, Inc 
3140 Briarcliff Road, Suite A 
Atlanta, GA 30329 


Cedar Enterprise Solutions, Inc., a 
software consulting and services 
organization has an opening for 
VP-Content Value Management 
Technology. The ideal candidate 
will be responsible for manage- 
ment consultancy encompassing 
sales and marketing, account 
development for the U.S. and 
Canada including strategic de- 
velopment and new alliances 
and product development for 
new IT technology. Minimum 
requirements are a Bachelors 
Degree in Marketing and 4 years 
experience in marketing/sales 
manager positions or 6 years 
experience in marketing/sales 
manager positions. Please submit 
your resurne to: Cedar Enterprise 
Solutions, Inc./HR, 100 East 
Pratt Street, Baltimore, MD 
21202 


MET2S 


NET2S is a leading International 
Consulting and Engineering firm 
specializing in communications 
technologies. We are presently 
seeking to fill the following posi. 
tions: 
* Sr. Tibco (RV, Integration Mgr) 
Developer 
*TIBCO/TRIARCH Systems 
Engineer 
* Sr. Security Systems Engineer 
All positions require BS/MS 
degree with a minimum of 2 to 3 
years of experience in the field. 
Must possess excellent commu- 
nication skills as well 


NET2S, 82 Wall Street Suite 400. 
New York, NY 10005; Fax: (212) 
279- 1960; Phone (212) 279-6565; 
or Email: jobus-ny @net2s.com 
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NETWORK ENG Ii - Design 


maintain local area network 
Train users. Bachelor's Computer 
Sci, Eng or equiv + 2 yrs exp 
in job or as software eng + com 
puter network exp reqd. Com- 
petitive salary. Send resume: Mr. 


Buttram, Progress Rail, 1600 


Progress Dr, Albertville, AL 


35950. 


Enterprise Solutions, Inc is] 
hiring all leveis of Programmer 


Analysts, Computer Systems 


Analyst & Software Engineers 
Send resumes to 2118 Walsh 
Ave., Suite 230 Santa Clara, Ca 
95050. Will be placed at client 


site nationwide 


Software Engineer: Manage 
design, draft specs, create sys 
tem plans; develop, configure & 
analyze various comp sys soft 
ware applics, web interfaces 
custom reports, custom GUI & 
internet applics; manage clients 
& client integration issues; define 
& determine bus & sys reqs; pro- 
vide tech solutions for bus sys. 
use Oracle, SQL Server, Access 
97/2000, VBScript, Visual Basic 
Java, Perl, C/C++, ASP, JSP, 
JavaScript, HTML, Cystal Re. 
ports, & DataBeacon. Qualif 
BS in comp sci or rel field + 3 
mos exp in job offrd 
to 646-792-9210, attn 
HR-Sftwr Engr Pos 


Fax res 
Tigris 


Talent is 
the fuel of 
the new 
economy. 


Fill up with 
ITcareers. 


IT careers and 
IT careers.com can 
put your message in 


front of 2/3 of all US 





IT professionals. If 
you want to make 
hires, make your 
way into our pages. 
Call Janis Crowley 
at 


1-800-762-2977 


ITCAREERS 
where the best 
get better 


Global Technical Recruiter 
$41,018/yr. Recruit technical 
professionals and fill Clients’ Job 
Orders with qualified candidates. 
Qualify candidates through tele- 
phone/in-person interviews. Per 
form reference, background, and 
Suitability checks. Submit candi- 
dates to Sales Department 
Team up with Sales to achieve 
placements. Perform candidate 
maintenance activities. Submit 
weekly reports to Corporate. Es- 
tablish new networking and re- 
cruiting resources. Follow guide- 
lines as per the Recruiting 
Performance Monitor and the 
Quality Management System 
Stay in tune with latest market 
technology trends. Update data. 
bases. Perform as a client con 
tact. Coordinate advertisement 
placement, and job fairs. Re. 
quires minimum of Bachelor's 
Degree in Computer Science or 
Computer Engineering or Infor: 
mation Systems. Must have proof 
of legal authority to work in the 
United States. Send your resume 
to the lowa Workforce Center, 
800 7th Street, SE, Cedar Rapids. 
lowa 52406-0729. Please refer 
to Job Order 1A1101625. Em- 
ployer paid advertisement. 


Software Engineer. Duties: Resp. 
for testing & verifying code for 
Telecomm. PCS IT AD testing 
lab using Silk Test. Support test 
ing activities for key develop. ef 
forts & support system environs. 
Develop, write & maintain test 
guidelines, test cases & scripts. 
Determine test requirements & 
coord. test scheduling. Conduct 
systems integration tests, load 
testing & perform functional test- 
ing using Rational Te Suite. 
Requires: B.S. (or foreign equiv.) 
in Comp. Sci., Eng. or a related 
field & 3 yrs. exp. in the job of 
fered or 3 yrs. exp. as a Consultant 
or Systems Analyst. Concurrent 
exp. must incl. 3 yrs. exp. testing 
& verifying code & 3 yrs. exp. de 
veloping & writing test cases and 
scripts. 40 hrs/wk. 8:00 a.m.-5:00 
p.m. Send resume (no 
to: Danielle David, CTG, inc 

13220 Metcalf Ave., Ste. 140 
Overland Park, KS 66213. 


calls) 


Software Developers needed 
Seeking candidates possessing 
BS or equiv. and/or rel. work 
experience. Duties include: ana 
lyzing, designing and developing 
user interfaces; performing 
web based automated testing & 
deploying GUI screens on various 
application servers. 2 year of the 
req. rel. work exp. must include 
working with JSP, JavaScript 


and Serviets. Mail res., & ref 


to: Sterling Commerce, 4600 
Lakehurst Ct., Dublin, OH 43016 
Software Engineer 

Research, design, develop soft 
ware apps. for connectivity to 
SAP using BAPI, Idoc interfaces 
and RFC programming; use 
C/C++ programming language 
with ODBC technclogy to access 
to SQL Server database. Req 
B.S. Comp. Sci., Elec. Eng. or 
equiv. and 4 yrs. exp. Job In 
Delray Beach, FL. Fax resume 
with code 2d3d-022 to 2d3d, Inc 


at 561-278-7833. 


Call your 
ITcareers Sales 
Representative 

or Janis Crowley 
1-800-762-2977 


SENIOR SYSTEMS 
INTEGRATOR 
Perform complex integratior 
Projects revolving around EMC 
Enterprise Storage Solutions 
Develop customized software 
specifically for backup/recover 
systems. interface with customer 
to gather requirements and server 
data specific information to in 
corporate into integration plans. 
Perform hands-on technical in 
tegration of UNIX and NT 
servers. Produce documentatior 
and provide knowledge transfers 
for customer software. Up t 
80% travel. B.S 

Science or related field + 
exp. in Systems Administr 
(incl. UNIX and NT sy 

req. $85,000/yr. Send resur 
to: HR, CTSinc.N 
Alpharetta Hwy. 

Roswell, GA 30076 


in Computer 


IT firm in Detroit, Mi seeks to fill 
the following positions: 


SAP CONSULTANTS: Develop 
& implement functional modu 
such as Fi/CO, MM, SD, PP, an 
ABAP Programming 


PROGR ANALYSTS: Participate 
in all phases of s/w development 
including web applications using 
skills such as Oracle ROBMS 
Java, VB, ASP, JSP, Serviets 
JavaScript, and IBM Web 


DESIGN ENGINEERS 
1. Experience in design 
mentation, data migration, testing 
of PDM systems like Metaphase 
Wind-chill / Enovia; skills such 
as C, C++, Java, Oracle RDBMS. 
SAP, CAD/CAM 
2. Experience in ICAD de 
ment & other KBE OO Systems. 
w/strong background in CAD 
CAM/CAE 


‘here 


mple 


REQUIREMENTS 

Must have BS or MS or ec 
in CS, Mechanical or E 
Administration, Finar 
field; & 1-5 yrs exp in tt 
area 


Positions are available i 

Mi & at client sites throug! 4 
USA. Please mail resume to HR 
33533 West 12 Mile Rd 
Farmington Hills, Ml 48331 


NE Mfg. Co. seeks 
Admin; perform daily 
admin including maintenar 
user accts: configure, install 
maintain NTW equip; maint 
high level security for 
eval/document/test/impler 
new software; asst w 

tation of existing r 

verify comp 

processes _ includir 
backup, file purges 
clearing; recommer 
software purchases. 
continuous improveme 
Purchaser-Supplie 

thru Shop Ass 
probs/provide qualified trair 
Min 3 yrs in-job exp, includ 
use of Programming C++, F 
Pro, TCP/IP. SMTP, NT 
Assistant or other integrated bus 
manag s'ware. Resumes 
Superior Office Produ 
Commerce Pk Rd, Beact 

OH 44122. No calls. EOE 


respond tc 


Cold Fusion Developer. Deve 
Jesign, modify, and mair 

(QL2000 database-driven appl 
cations for the foodservice.corr 
website. Perfor analysis and 
assist in the selection of appropriate 
technology through an under 
standing of end-user needs and 
limitations. 
Competitive salary. Prior experience 
must include five (5) years 
experience utilizing Cold Fusior 
Java, JavaScript, Perl/ CG 
SQL, ASP. Visual Basic, VBScript 
Visual Interdev, COM/DCOM 
and Object Oriented and distributed 
technology such as MTS and 
MSM in applications regarding 
Website security, performance 
and maintenance. Must have 
proof of legal authority to work in 
the U.S. Applicants should send 
resume demonstrating all minimum 
requirements to: Foodbuy, LLC 
1000 Mansell Exchange West 
Suite 300, Alpharetta, GA 
30022. M/F/D/V. 
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‘Black Belt, Wind IM 


Atlanta GA 


Power Systems is the world’s le 


ind services with global annual sa 


Who we are GI 


I 
environment 


Who we seek 
mprovement tools to Energy Prodt 
ind execute a plan to « 


nsure that p' 


performance metrics are initiated a 


‘o ensure 


defining process maps and definitic 


& I 
EP’s business applications; utilize st 
that root cause errors are identified 
projects to delive 


th 
net 





ad 


les of 


spirit and progressive challenges have made GE Powe 


offering exceptional opp. 
| a 
The Black Belt will work with IT Manage 


rojec 


nd exe 


ools; assist in the development of “Critic 
lear linkage between business 
ms, and 
austical 
and fixed; mar portioly 
yn Wind IM’s operatior 


over $1 


wer systems equipment 


t billion. Our innovative team 


Systems an 


yt 


ailabilit 
se quality imp’ 
equirements and 


»~perational processes; assist it 


lata for the operation of 


to analyze process data so 





of qualit 
1 


application performance and 


wailability goals; coach, mentor and train team members on quality improvement 


10dologies; and influence, motivate, and lead others to project completior 


The Black Belt will possess a BS in Information Systems, Computer Science 


Engineering or equivalent plus 1 minimum of 2 years IT experience. The Black 


will demonstrate the ability to manage multiple projects using quality 


improvement tools; lead in a cross-functional environment and to drive change 


in a complex matrix environment. Strong interpersonal, presentation 


communication, organization and facilitation skills are required. 


The Black Belt 


must posses knowledge of MS PowerPoint and Excel, Minitab and Process 
Mapping/ Simulation Software (Process Model, Crystal Ball or Viso) 


How to apply 


We offer a competitive salary, an outstanding benefits package and the 


professional advantages of an environment that supports your development 


and recognizes your achievements. 
AN030. 


referencing code GEPS/287250 


We are an Equal Opportunity Employer 


To apply, please send your resume 


to: opportunities@gecareers.com 


GE Power Systems 





We bring good things te life 
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Continued from page I 


said, AutoNation’s Corporate 
Licensing Program agreement 
no longer exists as a valid 
method to procure software. 

Other difficulties involve 
Citrix’s value-added-reseller 
model, Leitz said. When Auto- 
Nation’s reseller went out of 
business two years ago, some 
of its Citrix purchase history 
went with it, he noted. 

When AutoNation upgraded 
to a new version of Citrix’s 
MetaFrame XPe product, it 
had to go through a three- 
month process of faxing 3- 
year-old purchase orders and 
agreements to Citrix “to re 
view what we believed was 
purchased, vs. what Citrix had 
on record,” Leitz said. 

“Not a pretty process, to say 
the least,” he added. 

Tony Silva, a vice president 
of IT in the Troy, Mich., office 
of ABN Amro North America 
Inc., said it has been some- 
what complicated to keep 
track not only of the Citrix li- 
censes but the other software 
applications running on the 
Citrix servers as well. 

Jim McGrath, a senior man- 
ager of product and technical 
marketing at Citrix, said the 
difficulties can be particularly 
frustrating for longtime cus- 


Peo 
Citrix’s 
Licensing 
Changes 
MAY 1998 Subscription Advan- 
tage option is launched. 


MARCH 1999 Electronic 
licensing option is added. 


FEBRUARY 2001 Licensing 
model based on servers and 
concurrent users is aggregat- 
ed. Licensing is now based 
only on concurrent user con- 
nections. 


MAY 2002 One-year Subscrip- 
tion Advantage plan is made 
mandatory. 








tomers that may have gone 
through several different li- 
censing programs and dis- 

count structures. 

Citrix has started to address 
the problems. The company 
launched an electronic licens- 
ing option in March 1999, and 
this August, it introduced an 
Easy Licensing program that 
lets customers buy products 
as they need them without a 
formal, written contract. 

Using the Easy Licensing 
option, customers can consoli- 
date multiple license contracts 
to a single serial number, so 
they don’t have to manually 
enter their many 20-digit 


Continued from page 1 


Web Services | 


formation from disparate ap- 
plications to a portal. Al- 
though the portal would be 
used for a wide range of busi- 
ness functions, it would also 
help with integration, he said. 

Hugh Jurkiewicz, a corpo- 
rate architect technologist in 
the Wellesley Hills, Mass., of- 
fice of Sun Life Financial Ser- 
vices of Canada Inc., said he 
can foresee Web services 
technology complementing 
his firm’s integration work in 
situations where security and 
transaction needs aren't high. 

Jurkiewicz said he also 
hopes that Web services will 
drive integration broker ven- 
dors to lower the high price of 
their software. 

“For more mission-critical 
application integration needs, 
we may not wish to experiment 
with Web services,” he said. 

As has been the case for 
some time, IT managers con- 
tinued to express concerns 
about the immaturity of Web 
services standards, particular- 
ly in the area of security. 

“The security issues, I think, 


are going to be a big issue with | 


our company. The standards 
aren’t all there yet,” said Tim 
Lienemann, a senior technical 
designer at Pittsburgh-based 








NEWS — 


numbers, McGrath said. 

But McGrath said it would 
be far better if the information 
from Citrix’s product activa- 
tion system was uploaded to 
its secure license site so cus- 
tomers can see what they have 
purchased, when they bought 
it and how much of their Sub- 
scription Advantage option is 
left on each of their licenses. 


Adding Licenses 

As of May, all new Citrix li- 
censes had to be purchased 
with a one-year subscription 
that entitles customers to any 
new product updates released 
over that period. 


U.S. Steel Corp., whose inter- 
nal development staff does 
much of its integration work. 

Janelle Hill, an analyst at 
Meta Group Inc. in Stamford, 
Conn., said only a small per- 
centage of IT shops are cur- 
rently incorporating Web ser- 
vices into their integration 
strategies or requirements be- 
cause of confusion over what 
Web services are and where 
they might be used in their ap- 
plication portfolios. 


A ‘Thin Veneer’ 

Hill said that during the next 
five years, integration vendors 
and IT shops will experiment 
by wrapping a “thin veneer” 
around their applications, in 
the form of Web Services Def- 
inition Language (WSDL) in- 
terfaces. 

However, Hill predicted that 
it will take at least five years 
for companies to re-engineer 
their core applications to be 
service-oriented and gain in- 
teroperability “without a 
whole lot of transformation 
being required in the middle.” 

Roy Schulte, an analyst at 
Gartner, said very few applica- 
tions will run entirely free of 
Web services, if for no other 
reason than “because every 
vendor in the world has built 
it into their products.” 

Schulte recommended that 
companies building new ap- 


| over over the place,” Temple- 
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Templeton said customers 
may be adding licenses on a 
monthly basis, and each time 
they do, they get another li- 
cense number that must be 


added into the system for acti- 


vation purposes. 

“If you buy licenses every 
single month, all these clocks | 
are ticking, and their alarms are | 
going off every 12 months all 
ton said. “It’s too complicated.” 

Bob Kruger, chief technolo- 


| gy officer at Citrix, said the 


technology will be the easy 
part of solving the problem. 
“The tough part is scoping out 
what you need to do and then 
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plications from scratch em- 
ploy a service-oriented archi- 
tecture and use WSDL to doc- 


| ument the interfaces. That 


will make it easier to integrate 
those applications with exist- 
ing legacy and purchased ap- 
plications, because it will have 
“nice, defined calls,” he said. 
Companies can then wrap 
their older applications with 
WSDL interfaces and write 
the code needed to transform 
the data. Or they can purchase 


| an integration broker from 
| specialized vendors such as 
| Tibco Software Inc., web- 


how you get other processes 

within the company to interact 

with those changes,” he said. 
Kruger said he can’t provide 


| details because the system 


hasn’t been finished, but he 
noted that some technology 
will be third-party-based and 
integrated by Citrix. 

In the meantime, Citrix is 
adding license-activation im- 
provements to a new Meta- 
Frame update, due next year. 

Alvin Park, an analyst at 
Gartner Inc., said many ven- 
dors are considering new tools 
to not only help customers 
track their licenses but also to 
keep them in compliance. D 


Methods Inc., SeeBeyond 


| Technology Corp., Mercator 


Software Inc. and Vitria Tech- 
nology Inc., or from large ven- 
dors such as IBM and Micro- 


| soft Corp. 


Schulte said that only a 
small percentage of IT shops 
now use integration brokers, 


but he predicted that more 


will use them as Web services 
help drive down the high cost 


| of the adapters that are need- 
| ed to make connections be- 


tween different applications. 
“If you put in Web services 

and you cut the cost of the 

adapters in half, then you’ve 


| cut the entire project cost by a 
| quarter, and suddenly projects 
| that you couldn't cost-justify 


before, you can now cost-justi- 
fy,” he said 

But it may take some time 
for the impact to trickle down 
to IT shops. One IT manager 
at a large retail chain, who re- 
quested anonymity, said he is- 
n’t interested in the Web ser- 
vices strategies of integration 
brokers “because it’s still in 
the big-hype cycle.” 

“With Web services, it’s go- 
ing to be a long buy-in phase,” 
he said. D 


MORE ON WEB SERVICES 


For full coverage of Web services, visit our 
App Development Knowledge Center 
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The New IBM 


HAT, YOU WERE EXPECTING that maybe Micro- 
soft would be drawn and quartered? That wasn’t 
going to happen. U.S. District Judge Colleen Kol- 
lar-Kotelly closed a few loopholes, but the settle- 
ment she OK’d on Nov. 1 was pretty much what 
Microsoft, the Department of Justice and nine states had agreed on. 
Judges like settlements. So do appeals courts. Unless something 
smells especially awful, settlements get OK'd so cases can be closed. 


So, has Microsoft scored a big win, as its foes 
are screaming? Not really. Microsoft has just 
been confirmed as the new IBM — complete 
with an antitrust noose around its neck. 

Let’s take a lesson from history. Sure, some 
anti-Microsoft folks really did believe, at this 
late date, that Microsoft might still be broken 
up. But that was wishful thinking. A stripped- 
down Windows was a possibility, but unlikely. 
Like I said, appeals courts like settlements. Just 
ask Stanley Sporkin. 

Remember Judge Sporkin? He threw out the 
original Microsoft/Justice Department antitrust 
settlement in 1995 because he thought it wasn’t 
tough enough. An appeals court reinstated it, 
and everyone complained that the agreement 
was toothless and Microsoft was getting off 
scot-free. A judge named Thomas Penfield 
Jackson finally signed off on the deal. 

Two years later, that “toothless” agreement 
landed Microsoft back in Judge Jackson’s court. 
The year after that, Microsoft was hit with the 
full-fledged antitrust suit that now has it under 
court supervision for the next five to seven 
years as a convicted monopolist. 

That’s how antitrust cases work. There’s no 
big bang, no high-profile execution — just a 
long, slow tightening of the noose. 

You say that doesn’t help the 
companies that get crushed by the 
monopolist? No, it doesn’t. But 
that’s nothing new. Remember, 
monopolist IBM rolled over General 
Electric, RCA, Honeywell, Control 
Data, Burroughs, Sperry, NCR, Am- 
dahl and many smaller mainframe 
vendors on the way to becoming the 
original 800-pound gorilla in IT. 

The Justice Department started 





the ropes by 1992 — was a new technology 
called desktop computing, where IBM’s main- 
frame monopoly power was irrelevant. Hob- 
bled by antitrust consent agreements and on- 
going lawsuits, IBM was outflanked by com- 
petitors that cloned its PC hardware and the 
company that owned the operating system — 
a nimble little upstart from Redmond, Wash., 
named Microsoft. 

Now Microsoft, the new IBM, has its own 
antitrust noose. Sure, it’ll get tighter. In 50 or 
60 years, it may slow down Microsoft enough 
for a competitor to put it on the ropes, too. 

So if you’re counting on antitrust enforce- 
ment to get rid of your current 800-pound 
gorilla, you’d better be very patient. 

Or you could learn from history. 

Nobody knocked out IBM by building a bet- 
ter mainframe. Microsoft and rival PC makers 
did it by making IBM’s monopoly irrelevant. 
They changed the rules, the technology and the 
business model. 

You want to beat Microsoft’s monopoly? 
You'll have to make it irrelevant. If you’re a ven- 
dor, maybe that means trying new price points 
that Microsoft is afraid to touch. Or new tech- 
nologies that will make Windows irrelevant. Or 
a new business model, like open source. 

If you’re an IT shop, it probably 
means looking hard at alternatives 
you’ve never considered before — 
thinking outside the conventional 
IT box, maybe way outside it, to 
find new ways of making users 
more productive and effective. 

Whether you're a vendor or user, 
that’s the only way to get that 800- 
pound gorilla off your back. 

Because the antitrust noose 
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This e-business project connects customers and sup- 
pliers to a utility company's mainframes, and the man- 
aging pilot fish takes no chances - there are weeks of 
user training and nine months of testing before it goes 
live. Result: On Day 1, there's exactly one user who re- 
ports a showstopping problem. “I've logged into the 
system,” user says. “Now what do | do?” 


Count On It “It’s poor engi- 
eee SMARK eee 
to says, “ 
cards toitscus- TANK should be per- 
tomers. And ex- fectly clear 
ecutives want to be able ; that since I've dragged 
to support 100 million —_: them to the recycle bin, | 
customers - but with — ; do want to delete them.” 
just a six-digit ID num- = 
That’s mathematically: What this company 
impossible, IT consultant : needs is a network man- 
if you used every num- _; decide. Some $80,000 
ber from 000000 upto : and months of late 
“What if we don’t assign ; later, it’s finally in place. 
: duction target date by 
That Often? : six days,” says a pilot 
IT pilot fish sets up fish on the project. That 





e-mail for each salesper- : 
son at this auto dealer- 
prospective car buyers 
could e-mail them via a 
form on the dealership 
Web site and, hopefully, 
end up buying a car,” 
says fish. “A week later, 
one salesman stopped 
me in the showroom to 
say how wonderful his 
e-mail was and to tell 
me he intended to check 
it every week.” 


very week, operations 


the new system sticks 


: his head into fish’s office 
: with a question: “This 
i system - is this some- 
? thing we could target for 


: Much Better 

: “The keys stick, the re- 
: sponse isn't good,” she 
: tells IT pilot fish. So fish 


; replaces it. Now the 


Yeah, Really 
Upset engineer needs 
some files restored that 
he accidentally dragged 


: keys are too high and it 
; doesn't feel right, she 
: says. “In the end, | 

: cleaned up her old key- 


; board and gave it back 
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the Sharkives and sign up for Shark Tank home delivery at 
computerworld.com/sharky. 


FRANK HAYES, Computer- 
world's senior news colum- 
nist, has covered IT for more 
than 20 years. Contact him at 


tightening the antitrust noose on 
IBM way back in 1932. But what 
finally knocked Big Blue out of the 
top spot — and actually had IBM on 


around its neck may slow it down 
a little. But if you want to draw and 
quarter Microsoft, you'll have to do 
it yourself. D 
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